diff options
author | Wander Lairson Costa <wander@redhat.com> | 2023-08-28 10:21:07 -0300 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-08-30 17:34:01 +0200 |
commit | 69c5d284f67089b4750d28ff6ac6f52ec224b330 (patch) | |
tree | d4d91ea8164ad38baed284615e8e720baacd5390 /include/linux/audit.h | |
parent | e99476497687ef9e850748fe6d232264f30bc8f9 (diff) | |
download | lwn-69c5d284f67089b4750d28ff6ac6f52ec224b330.tar.gz lwn-69c5d284f67089b4750d28ff6ac6f52ec224b330.zip |
netfilter: xt_u32: validate user space input
The xt_u32 module doesn't validate the fields in the xt_u32 structure.
An attacker may take advantage of this to trigger an OOB read by setting
the size fields with a value beyond the arrays boundaries.
Add a checkentry function to validate the structure.
This was originally reported by the ZDI project (ZDI-CAN-18408).
Fixes: 1b50b8a371e9 ("[NETFILTER]: Add u32 match")
Cc: stable@vger.kernel.org
Signed-off-by: Wander Lairson Costa <wander@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/linux/audit.h')
0 files changed, 0 insertions, 0 deletions