On Fri, May 12, 2017 at 05:44:10PM +0800, gfree.wind@xxxxxxxxxxx wrote:
> From: Gao Feng <gfree.wind@xxxxxxxxxxx>
>
> The info->target is from userspace and it would be used directly.
> So we need to add the sanity check to make sure it is a valid standard
> target, although the ebtables tool has already checked it. Kernel need
> to check anything from userspace.
>
> If the target was set as an evil value, it would break the ebtables
> and cause a panic. Because the non-standard target is treated as one
> offset.
>
> Signed-off-by: Gao Feng <gfree.wind@xxxxxxxxxxx>
> ---
> net/bridge/netfilter/ebt_arpreply.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c
> index 5929309..c4886d9 100644
> --- a/net/bridge/netfilter/ebt_arpreply.c
> +++ b/net/bridge/netfilter/ebt_arpreply.c
> @@ -68,6 +68,9 @@ static int ebt_arpreply_tg_check(const struct xt_tgchk_param *par)
> if (e->ethproto != htons(ETH_P_ARP) ||
> e->invflags & EBT_IPROTO)
> return -EINVAL;
> + if (INVALID_TARGET)
Please, add:
static inline bool ebt_invalid_target(int target)
{
return (target < -NUM_STANDARD_TARGETS || target >= 0);
}
and use it in this fix.
So we can get rid of this obscure INVALID_TARGET macro.
Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
