torvalds/linux
3
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-04-05 22:19:09 +08:00
Code Issues Packages Projects Releases Wiki Activity
887,007 Commits 2 Branches 925 Tags
e608f631f0ba5f1fc5ee2e260a3a35d13107cbfe
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Florian Westphal e608f631f0 netfilter: ebtables: compat: reject all padding in matches/watchers 
syzbot reported following splat:

BUG: KASAN: vmalloc-out-of-bounds in size_entry_mwt net/bridge/netfilter/ebtables.c:2063 [inline]
BUG: KASAN: vmalloc-out-of-bounds in compat_copy_entries+0x128b/0x1380 net/bridge/netfilter/ebtables.c:2155
Read of size 4 at addr ffffc900004461f4 by task syz-executor267/7937

CPU: 1 PID: 7937 Comm: syz-executor267 Not tainted 5.5.0-rc1-syzkaller #0
 size_entry_mwt net/bridge/netfilter/ebtables.c:2063 [inline]
 compat_copy_entries+0x128b/0x1380 net/bridge/netfilter/ebtables.c:2155
 compat_do_replace+0x344/0x720 net/bridge/netfilter/ebtables.c:2249
 compat_do_ebt_set_ctl+0x22f/0x27e net/bridge/netfilter/ebtables.c:2333
 [..]

Because padding isn't considered during computation of ->buf_user_offset,
"total" is decremented by fewer bytes than it should.

Therefore, the first part of

if (*total < sizeof(*entry) || entry->next_offset < sizeof(*entry))

will pass, -- it should not have.  This causes oob access:
entry->next_offset is past the vmalloced size.

Reject padding and check that computed user offset (sum of ebt_entry
structure plus all individual matches/watchers/targets) is same
value that userspace gave us as the offset of the next entry.

Reported-by: syzbot+f68108fed972453a0ad4@syzkaller.appspotmail.com
Fixes: 81e675c227 ("netfilter: ebtables: add CONFIG_COMPAT support")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2019-12-20 02:12:27 +01:00
arch
bpf, mips: Limit to 33 tail calls
2019-12-11 13:57:22 +01:00
block
block: fix memleak of bio integrity data
2019-12-05 11:38:36 -07:00
certs
certs: Add wrapper function to check blacklisted binary hash
2019-11-12 12:25:50 +11:00
crypto
Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2019-11-25 19:49:58 -08:00
Documentation
Merge tag 'linux-can-fixes-for-5.5-20191208' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
2019-12-09 09:27:47 -08:00
drivers
Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
2019-12-19 14:20:47 -08:00
fs
Merge tag '5.5-rc-smb3-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6
2019-12-08 12:12:18 -08:00
include
Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
2019-12-19 14:20:47 -08:00
init
init/Kconfig: fix indentation
2019-12-04 19:44:13 -08:00
ipc
y2038: remove CONFIG_64BIT_TIME
2019-11-15 14:38:27 +01:00
kernel
bpf: Fix record_func_key to perform backtracking on r3
2019-12-19 13:39:22 -08:00
lib
lib/: fix Kconfig indentation
2019-12-07 11:00:19 -08:00
LICENSES
LICENSES: Rename other to deprecated
2019-05-03 06:34:32 -06:00
mm
Merge branch 'akpm' (patches from Andrew)
2019-12-05 09:46:26 -08:00
net
netfilter: ebtables: compat: reject all padding in matches/watchers
2019-12-20 02:12:27 +01:00
samples
samples: bpf: fix syscall_tp due to unused syscall
2019-12-11 15:28:06 -08:00
scripts
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2019-12-08 13:28:11 -08:00
security
Merge tag 'apparmor-pr-2019-12-03' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
2019-12-03 12:51:35 -08:00
sound
Merge tag 'sound-fix-5.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
2019-12-06 13:06:14 -08:00
tools
selftests: netfilter: extend flowtable test script with dnat rule
2019-12-20 02:12:27 +01:00
usr
arch: sembuf.h: make uapi asm/sembuf.h self-contained
2019-12-04 19:44:14 -08:00
virt
KVM: Fix jump label out_free_* in kvm_init()
2019-11-23 11:29:17 +01:00
.clang-format
clang-format: Update with the latest for_each macro list
2019-08-31 10:00:51 +02:00
.cocciconfig
.get_maintainer.ignore
Opt out of scripts/get_maintainer.pl
2019-05-16 10:53:40 -07:00
.gitattributes
.gitattributes: use 'dts' diff driver for dts files
2019-12-04 19:44:11 -08:00
.gitignore
modpost: dump missing namespaces into a single modules.nsdeps file
2019-11-11 20:10:01 +09:00
.mailmap
mailmap: add entry for myself
2019-12-13 15:15:33 -08:00
COPYING
COPYING: use the new text with points to the license files
2018-03-23 12:41:45 -06:00
CREDITS
Merge tag 'v5.4-rc4' into docs-next
2019-10-29 04:43:29 -06:00
Kbuild
kbuild: do not descend to ./Kbuild when cleaning
2019-08-21 21:03:58 +09:00
Kconfig
docs: kbuild: convert docs to ReST and rename to *.rst
2019-06-14 14:21:21 -06:00
MAINTAINERS
MAINTAINERS: Add maintainers for rmnet
2019-12-13 15:14:24 -08:00
Makefile
Linux 5.5-rc1
2019-12-08 14:57:55 -08:00
README
Drop all 00-INDEX files from Documentation/
2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 3.7 GiB
Languages
C 97.1%
Assembly 1%
Shell 0.6%
Rust 0.4%
Python 0.4%
Other 0.3%