Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3ab72088 authored Jul 31, 2006 by Patrick McHardy Committed by David S. Miller Aug 02, 2006

[NETFILTER]: xt_hashlimit/xt_string: missing string validation



The hashlimit table name and the textsearch algorithm need to be
terminated, the textsearch pattern length must not exceed the
maximum size.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent b10866fd

net/ipv4/netfilter/ipt_hashlimit.c

+3 −0

Original line number	Original line	Diff line number	Diff line
	@@ -508,6 +508,9 @@ hashlimit_checkentry(const char *tablename,
	if (!r->cfg.expire)		if (!r->cfg.expire)
	return 0;		return 0;

			if (r->name[sizeof(r->name) - 1] != '\0')
			return 0;

	/* This is the best we've got: We cannot release and re-grab lock,		/* This is the best we've got: We cannot release and re-grab lock,
	* since checkentry() is called before ip_tables.c grabs ipt_mutex.		* since checkentry() is called before ip_tables.c grabs ipt_mutex.
	* We also cannot grab the hashtable spinlock, since htable_create will		* We also cannot grab the hashtable spinlock, since htable_create will

net/netfilter/xt_string.c

+4 −1

Original line number	Original line	Diff line number	Diff line
	@@ -55,7 +55,10 @@ static int checkentry(const char *tablename,
	/* Damn, can't handle this case properly with iptables... */		/* Damn, can't handle this case properly with iptables... */
	if (conf->from_offset > conf->to_offset)		if (conf->from_offset > conf->to_offset)
	return 0;		return 0;
			if (conf->algo[XT_STRING_MAX_ALGO_NAME_SIZE - 1] != '\0')
			return 0;
			if (conf->patlen > XT_STRING_MAX_PATTERN_SIZE)
			return 0;
	ts_conf = textsearch_prepare(conf->algo, conf->pattern, conf->patlen,		ts_conf = textsearch_prepare(conf->algo, conf->pattern, conf->patlen,
	GFP_KERNEL, TS_AUTOLOAD);		GFP_KERNEL, TS_AUTOLOAD);
	if (IS_ERR(ts_conf))		if (IS_ERR(ts_conf))