Re: [PATCH nf] netfilter/xt_sctp: validate the flag_info count

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [PATCH nf] netfilter/xt_sctp: validate the flag_info count
From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Date: Wed, 30 Aug 2023 17:17:44 +0200
Cc: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>, Florian Westphal <fw@xxxxxxxxx>, "David S. Miller" <davem@xxxxxxxxxxxxx>, Eric Dumazet <edumazet@xxxxxxxxxx>, Jakub Kicinski <kuba@xxxxxxxxxx>, Paolo Abeni <pabeni@xxxxxxxxxx>, Harald Welte <laforge@xxxxxxxxxxxxx>, "open list:NETFILTER" <netfilter-devel@xxxxxxxxxxxxxxx>, "open list:NETFILTER" <coreteam@xxxxxxxxxxxxx>, "open list:NETWORKING [GENERAL]" <netdev@xxxxxxxxxxxxxxx>, open list <linux-kernel@xxxxxxxxxxxxxxx>, Lucas Leong <wmliang@infosec.exchange>, stable@xxxxxxxxxx
In-reply-to: <20230828221255.124812-1-wander@redhat.com>

On Mon, Aug 28, 2023 at 07:12:55PM -0300, Wander Lairson Costa wrote:
> sctp_mt_check doesn't validate the flag_count field. An attacker can
> take advantage of that to trigger a OOB read and leak memory
> information.
> 
> Add the field validation in the checkentry function.

Applied to nf, thanks

References:
- [PATCH nf] netfilter/xt_sctp: validate the flag_info count
  - From: Wander Lairson Costa

Prev by Date: Re: [PATCH nft 5/5] datatype: check against negative "type" argument in datatype_lookup()
Next by Date: Re: [PATCH nf] netfilter/xt_u32: validate user space input
Previous by thread: [PATCH nf] netfilter/xt_sctp: validate the flag_info count
Next by thread: [syzbot] [netfilter?] INFO: rcu detected stall in tcp_setsockopt
Index(es):
- Date
- Thread

[Index of Archives] [Netfitler Users] [Berkeley Packet Filter] [LARTC] [Bugtraq] [Yosemite Forum]

Powered by Linux