netfilter: add back stackpointer size checks

The rationale for removing the check is only correct for rulesets generated by ip(6)tables.

In iptables, a jump can only occur to a user-defined chain, i.e. because we size the stack based on number of user-defined chains we cannot exceed stack size.

However, the underlying binary format has no such restriction, and the validation step only ensures that the jump target is a valid rule start point.

IOW, it's possible to build a rule blob that has no user-defined chains but does contain a jump.

If this happens, no jump stack gets allocated and crash occurs because no jumpstack was allocated.

Fixes: 7814b6ec ("netfilter: xtables: don't save/restore jumpstack offset")
Reported-by: <syzbot+e783f671527912cd9403@syzkaller.appspotmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Git-commit: 57ebd808a97d7c5b1e1afb937c2db22beba3c1f8
[srkupp@codeaurora.org: Resolved minor conflict]
Signed-off-by: Srinivasa Rao Kuppala <srkupp@codeaurora.org>
Change-Id: I417d9164f95aae0d4ca2164a26d5d2fb7ec1ab10
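
A simplified user-space model of the check the commit message describes, added here as an illustration and not taken from the kernel patch: a jump stack sized from the number of user-defined chains, with the stack index compared against that size before every push. All type and function names (`struct table`, `traverse`, the `demo_*` helpers) and the sample rule blobs are constructed for this example.

```c
#include <stddef.h>

enum kind { K_JUMP, K_RETURN, K_ACCEPT };
enum verdict { V_ACCEPT, V_DROP };
struct rule { enum kind kind; size_t target; };
struct table {
    const struct rule *rules; size_t nrules;
    size_t *jumpstack;  /* NULL when stacksize is 0 */
    size_t stacksize;   /* sized from the number of user-defined chains */
};

enum verdict traverse(const struct table *t)
{
    size_t pc = 0, stackidx = 0;
    while (pc < t->nrules) {
        const struct rule *r = &t->rules[pc];
        if (r->kind == K_ACCEPT)
            return V_ACCEPT;
        if (r->kind == K_JUMP) {
            /* Size check: never trust the blob to fit the stack. */
            if (stackidx >= t->stacksize)
                return V_DROP;
            t->jumpstack[stackidx++] = pc + 1;
            pc = r->target;
        } else { /* K_RETURN */
            if (stackidx == 0)
                return V_DROP;  /* model choice: nothing to return to */
            pc = t->jumpstack[--stackidx];
        }
    }
    return V_DROP;  /* model choice: ran off the end of the blob */
}

/* Constructed blob: a jump, but no user-defined chain, so no stack. */
enum verdict demo_jump_without_chain(void)
{
    static const struct rule r[] = { { K_JUMP, 1 }, { K_ACCEPT, 0 } };
    struct table t = { r, 2, NULL, 0 };
    return traverse(&t);
}

/* Constructed blob: one user-defined chain, so one stack slot. */
enum verdict demo_jump_with_chain(void)
{
    static const struct rule r[] = { { K_JUMP, 2 }, { K_ACCEPT, 0 }, { K_RETURN, 0 } };
    size_t slot[1];
    struct table t = { r, 3, slot, 1 };
    return traverse(&t);
}

int main(void) { return demo_jump_without_chain() == V_DROP ? 0 : 1; }
```

Without the comparison against `stacksize`, the first blob would write through the NULL `jumpstack` pointer, which is the crash condition the message describes.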