Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b7475948 authored by David S. Miller's avatar David S. Miller
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for your net tree, they are:

1) Fixed hashtable representation doesn't support timeout flag, skip it
   otherwise rules to add elements from the packet fail bogusly fail with
   EOPNOTSUPP.

2) Fix bogus error with 32-bits ebtables userspace and 64-bits kernel,
   patch from Florian Westphal.

3) Sanitize proc names in several x_tables extensions, also from Florian.

4) Add sanitization to ebt_among wormhash logic, from Florian.

5) Missing release of hook array in flowtable.
====================
parents 4665c6b0 c04a3f73

include/linux/netfilter/x_tables.h

+2 −0
Original line number Diff line number Diff line
@@ -285,6 +285,8 @@ unsigned int *xt_alloc_entry_offsets(unsigned int size); 
bool xt_find_jump_offset(const unsigned int *offsets,

			 unsigned int target, unsigned int size);



int xt_check_proc_name(const char *name, unsigned int size);



int xt_check_match(struct xt_mtchk_param *, unsigned int size, u_int8_t proto,

		   bool inv_proto);

int xt_check_target(struct xt_tgchk_param *, unsigned int size, u_int8_t proto,

net/bridge/netfilter/ebt_among.c

+34 −0
Original line number Diff line number Diff line
@@ -177,6 +177,28 @@ static bool poolsize_invalid(const struct ebt_mac_wormhash *w) 
	return w && w->poolsize >= (INT_MAX / sizeof(struct ebt_mac_wormhash_tuple));

}



static bool wormhash_offset_invalid(int off, unsigned int len)

{

	if (off == 0) /* not present */

		return false;



	if (off < (int)sizeof(struct ebt_among_info) ||

	    off % __alignof__(struct ebt_mac_wormhash))

		return true;



	off += sizeof(struct ebt_mac_wormhash);



	return off > len;

}



static bool wormhash_sizes_valid(const struct ebt_mac_wormhash *wh, int a, int b)

{

	if (a == 0)

		a = sizeof(struct ebt_among_info);



	return ebt_mac_wormhash_size(wh) + a == b;

}



static int ebt_among_mt_check(const struct xt_mtchk_param *par)

{

	const struct ebt_among_info *info = par->matchinfo;
@@ -189,6 +211,10 @@ static int ebt_among_mt_check(const struct xt_mtchk_param *par) 
	if (expected_length > em->match_size)

		return -EINVAL;



	if (wormhash_offset_invalid(info->wh_dst_ofs, em->match_size) ||

	    wormhash_offset_invalid(info->wh_src_ofs, em->match_size))

		return -EINVAL;



	wh_dst = ebt_among_wh_dst(info);

	if (poolsize_invalid(wh_dst))

		return -EINVAL;
@@ -201,6 +227,14 @@ static int ebt_among_mt_check(const struct xt_mtchk_param *par) 
	if (poolsize_invalid(wh_src))

		return -EINVAL;



	if (info->wh_src_ofs < info->wh_dst_ofs) {

		if (!wormhash_sizes_valid(wh_src, info->wh_src_ofs, info->wh_dst_ofs))

			return -EINVAL;

	} else {

		if (!wormhash_sizes_valid(wh_dst, info->wh_dst_ofs, info->wh_src_ofs))

			return -EINVAL;

	}



	expected_length += ebt_mac_wormhash_size(wh_src);



	if (em->match_size != EBT_ALIGN(expected_length)) {

net/bridge/netfilter/ebtables.c

+5 −1
Original line number Diff line number Diff line
@@ -2119,8 +2119,12 @@ static int size_entry_mwt(struct ebt_entry *entry, const unsigned char *base, 
	 * offsets are relative to beginning of struct ebt_entry (i.e., 0).

	 */

	for (i = 0; i < 4 ; ++i) {

		if (offsets[i] >= *total)

		if (offsets[i] > *total)

			return -EINVAL;



		if (i < 3 && offsets[i] == *total)

			return -EINVAL;



		if (i == 0)

			continue;

		if (offsets[i-1] > offsets[i])

net/netfilter/nf_tables_api.c

+1 −0
Original line number Diff line number Diff line
@@ -5423,6 +5423,7 @@ static void nf_tables_flowtable_notify(struct nft_ctx *ctx, 
static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable)

{

	cancel_delayed_work_sync(&flowtable->data.gc_work);

	kfree(flowtable->ops);

	kfree(flowtable->name);

	flowtable->data.type->free(&flowtable->data);

	rhashtable_destroy(&flowtable->data.rhashtable);

net/netfilter/nft_set_hash.c

+1 −1
Original line number Diff line number Diff line
@@ -674,7 +674,7 @@ static const struct nft_set_ops * 
nft_hash_select_ops(const struct nft_ctx *ctx, const struct nft_set_desc *desc,

		    u32 flags)

{

	if (desc->size) {

	if (desc->size && !(flags & NFT_SET_TIMEOUT)) {

		switch (desc->klen) {

		case 4:

			return &nft_hash_fast_ops;