Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5e99400d authored by Wander Lairson Costa's avatar Wander Lairson Costa Committed by Lee Jones
Browse files

UPSTREAM: netfilter: xt_sctp: validate the flag_info count 



commit e99476497687ef9e850748fe6d232264f30bc8f9 upstream.

sctp_mt_check doesn't validate the flag_count field. An attacker can
take advantage of that to trigger a OOB read and leak memory
information.

Add the field validation in the checkentry function.

Bug: 304913898
Fixes: 2e4e6a17 ("[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables")
Cc: stable@vger.kernel.org
Reported-by: default avatarLucas Leong <wmliang@infosec.exchange>
Signed-off-by: default avatarWander Lairson Costa <wander@redhat.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 4921f9349b66da7c5a2b6418fe45e9ae0ae72924)
Signed-off-by: default avatarLee Jones <joneslee@google.com>
Change-Id: Ife4e69f6218fdaca2a8647b5ed00d875a5ed0d34
parent 16645e28
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment