Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Unverified Commit 03b58999 authored by Florian Westphal's avatar Florian Westphal Committed by Harsh Shandilya
Browse files

netfilter: x_tables: validate all offsets and sizes in a rule 



commit 13631bfc604161a9d69cd68991dff8603edd66f9 upstream.

Validate that all matches (if any) add up to the beginning of
the target and that each match covers at least the base structure size.

The compat path should be able to safely re-use the function
as the structures only differ in alignment; added a
BUILD_BUG_ON just in case we have an arch that adds padding as well.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarWilly Tarreau <w@1wt.eu>
parent 6a7381d5
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment