[NETFILTER]: ctnetlink: Add sanity checkings for ICMP (90c4656e) · Commits · e / devices / android_kernel_oneplus_sm7250

net/ipv4/netfilter/ip_conntrack_proto_icmp.c

+24 −19

Original line number	Original line	Diff line number	Diff line
	@@ -47,20 +47,21 @@ static int icmp_pkt_to_tuple(const struct sk_buff *skb,
	return 1;		return 1;
	}		}

	static int icmp_invert_tuple(struct ip_conntrack_tuple *tuple,
	const struct ip_conntrack_tuple *orig)
	{
	/* Add 1; spaces filled with 0. */		/* Add 1; spaces filled with 0. */
	static const u_int8_t invmap[]		static const u_int8_t invmap[] = {
	= { [ICMP_ECHO] = ICMP_ECHOREPLY + 1,		[ICMP_ECHO] = ICMP_ECHOREPLY + 1,
	[ICMP_ECHOREPLY] = ICMP_ECHO + 1,		[ICMP_ECHOREPLY] = ICMP_ECHO + 1,
	[ICMP_TIMESTAMP] = ICMP_TIMESTAMPREPLY + 1,		[ICMP_TIMESTAMP] = ICMP_TIMESTAMPREPLY + 1,
	[ICMP_TIMESTAMPREPLY] = ICMP_TIMESTAMP + 1,		[ICMP_TIMESTAMPREPLY] = ICMP_TIMESTAMP + 1,
	[ICMP_INFO_REQUEST] = ICMP_INFO_REPLY + 1,		[ICMP_INFO_REQUEST] = ICMP_INFO_REPLY + 1,
	[ICMP_INFO_REPLY] = ICMP_INFO_REQUEST + 1,		[ICMP_INFO_REPLY] = ICMP_INFO_REQUEST + 1,
	[ICMP_ADDRESS] = ICMP_ADDRESSREPLY + 1,		[ICMP_ADDRESS] = ICMP_ADDRESSREPLY + 1,
	[ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1};		[ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1
			};

			static int icmp_invert_tuple(struct ip_conntrack_tuple *tuple,
			const struct ip_conntrack_tuple *orig)
			{
	if (orig->dst.u.icmp.type >= sizeof(invmap)		if (orig->dst.u.icmp.type >= sizeof(invmap)
	\|\| !invmap[orig->dst.u.icmp.type])		\|\| !invmap[orig->dst.u.icmp.type])
	return 0;		return 0;
	@@ -110,6 +111,10 @@ static int icmp_packet(struct ip_conntrack *ct,
	return NF_ACCEPT;		return NF_ACCEPT;
	}		}

			/* Called when a new connection for this protocol found. */
			static int icmp_new(struct ip_conntrack *conntrack,
			const struct sk_buff *skb)
			{
	static const u_int8_t valid_new[] = {		static const u_int8_t valid_new[] = {
	[ICMP_ECHO] = 1,		[ICMP_ECHO] = 1,
	[ICMP_TIMESTAMP] = 1,		[ICMP_TIMESTAMP] = 1,
	@@ -117,10 +122,6 @@ static const u_int8_t valid_new[] = {
	[ICMP_ADDRESS] = 1		[ICMP_ADDRESS] = 1
	};		};

	/* Called when a new connection for this protocol found. */
	static int icmp_new(struct ip_conntrack *conntrack,
	const struct sk_buff *skb)
	{
	if (conntrack->tuplehash[0].tuple.dst.u.icmp.type >= sizeof(valid_new)		if (conntrack->tuplehash[0].tuple.dst.u.icmp.type >= sizeof(valid_new)
	\|\| !valid_new[conntrack->tuplehash[0].tuple.dst.u.icmp.type]) {		\|\| !valid_new[conntrack->tuplehash[0].tuple.dst.u.icmp.type]) {
	/* Can't create a new ICMP `conn' with this. */		/* Can't create a new ICMP `conn' with this. */
	@@ -291,7 +292,7 @@ static int icmp_nfattr_to_tuple(struct nfattr *tb[],
	if (!tb[CTA_PROTO_ICMP_TYPE-1]		if (!tb[CTA_PROTO_ICMP_TYPE-1]
	\|\| !tb[CTA_PROTO_ICMP_CODE-1]		\|\| !tb[CTA_PROTO_ICMP_CODE-1]
	\|\| !tb[CTA_PROTO_ICMP_ID-1])		\|\| !tb[CTA_PROTO_ICMP_ID-1])
	return -1;		return -EINVAL;

	tuple->dst.u.icmp.type =		tuple->dst.u.icmp.type =
	(u_int8_t )NFA_DATA(tb[CTA_PROTO_ICMP_TYPE-1]);		(u_int8_t )NFA_DATA(tb[CTA_PROTO_ICMP_TYPE-1]);
	@@ -300,6 +301,10 @@ static int icmp_nfattr_to_tuple(struct nfattr *tb[],
	tuple->src.u.icmp.id =		tuple->src.u.icmp.id =
	(u_int16_t )NFA_DATA(tb[CTA_PROTO_ICMP_ID-1]);		(u_int16_t )NFA_DATA(tb[CTA_PROTO_ICMP_ID-1]);

			if (tuple->dst.u.icmp.type >= sizeof(invmap)
			\|\| !invmap[tuple->dst.u.icmp.type])
			return -EINVAL;

	return 0;		return 0;
	}		}
	#endif		#endif