[Devel] [PATCH RHEL7 COMMIT] ms/netfilter: nfnetlink: correctly validate length of batch messages (take 2)
Vasily Averin
vvs at virtuozzo.com
Mon Aug 24 12:02:45 MSK 2020
The commit is pushed to "branch-rh7-3.10.0-1127.18.2.vz7.163.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1127.18.2.vz7.163.6
------>
commit 57932314acbae8fac4f907029f29a15b1497ea10
Author: Andrey Ryabinin <aryabinin at virtuozzo.com>
Date: Mon Aug 24 12:02:45 2020 +0300
ms/netfilter: nfnetlink: correctly validate length of batch messages (take 2)
We did a backport of the upstream commit c58d6c93680f
("netfilter: nfnetlink: correctly validate length of batch messages")
a while ago in scope of https://jira.sw.ru/browse/PSBM-57511.
Our backport is commit defecd27dbb0
("ms/netfilter: nfnetlink: correctly validate length of batch messages").
However, the backport was incomplete, hence we can observe:
skbuff: skb_over_panic: text:ffffffffb0b5ea8a len:-48 put:-48 head:ffff880055082c80 data:ffff880055082c80 tail:0xffffffd0 end:0xc0 dev:<NULL>
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:131!
Backport the missing part to finally fix this.
https://jira.sw.ru/browse/PSBM-106395
Signed-off-by: Andrey Ryabinin <aryabinin at virtuozzo.com>
---
net/netfilter/nfnetlink.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index a48f185..e22f84b 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -331,8 +331,9 @@ replay:
if (nlh->nlmsg_len < NLMSG_HDRLEN ||
skb->len < nlh->nlmsg_len ||
nlmsg_len(nlh) < sizeof(struct nfgenmsg)) {
- err = -EINVAL;
- goto ack;
+ nfnl_err_reset(&err_list);
+ status |= NFNL_BATCH_FAILURE;
+ goto done;
}
/* Only requests are handled by the kernel */
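Review bot: The failing branch of the length check (`nlh->nlmsg_len < NLMSG_HDRLEN || skb->len < nlh->nlmsg_len || ...`) now jumps to `done` with no comment saying why it must not go through `ack` any more. The value that just failed validation is the header length in `nlh`, so a one-line comment such as `/* nlmsg_len is untrusted here, do not ack or advance by it */` would keep a later cleanup from restoring `goto ack`. The branch also no longer assigns `err`, so please confirm that the `done` path aborts the batch on `NFNL_BATCH_FAILURE` alone and that dropping the errors already queued in `err_list` via `nfnl_err_reset()` is intended. The commit message would also be easier to audit if it named which part of c58d6c93680f was missing from defecd27dbb0.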