From: Gao Feng <gfree.wind@xxxxxxxxxxx> The info->target is from userspace and it would be used directly. So we need to add the sanity check to make sure it is a valid standard target, although the ebtables tool has already checked it. Kernel need to check anything from userspace. If the target was set as an evil value, it would break the ebtables and cause a panic. Because the non-standard target is treated as one offset. Signed-off-by: Gao Feng <gfree.wind@xxxxxxxxxxx> --- net/bridge/netfilter/ebt_arpreply.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c index 5929309..c4886d9 100644 --- a/net/bridge/netfilter/ebt_arpreply.c +++ b/net/bridge/netfilter/ebt_arpreply.c @@ -68,6 +68,9 @@ static int ebt_arpreply_tg_check(const struct xt_tgchk_param *par) if (e->ethproto != htons(ETH_P_ARP) || e->invflags & EBT_IPROTO) return -EINVAL; + if (INVALID_TARGET) + return -EINVAL; + return 0; } -- 1.9.1 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
