Patch "netfilter: tproxy: bail out if IP has been disabled on the device" has been added to the 6.1-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    netfilter: tproxy: bail out if IP has been disabled on the device

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     netfilter-tproxy-bail-out-if-ip-has-been-disabled-on.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit d6aef109a4e48a71e890ccc60d1d427c8f36ae2a
Author: Florian Westphal <fw@xxxxxxxxx>
Date:   Mon May 13 12:27:15 2024 +0200

    netfilter: tproxy: bail out if IP has been disabled on the device
    
    [ Upstream commit 21a673bddc8fd4873c370caf9ae70ffc6d47e8d3 ]
    
    syzbot reports:
    general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI
    KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
    [..]
    RIP: 0010:nf_tproxy_laddr4+0xb7/0x340 net/ipv4/netfilter/nf_tproxy_ipv4.c:62
    Call Trace:
     nft_tproxy_eval_v4 net/netfilter/nft_tproxy.c:56 [inline]
     nft_tproxy_eval+0xa9a/0x1a00 net/netfilter/nft_tproxy.c:168
    
    __in_dev_get_rcu() can return NULL, so check for this.
    
    Reported-and-tested-by: syzbot+b94a6818504ea90d7661@xxxxxxxxxxxxxxxxxxxxxxxxx
    Fixes: cc6eb4338569 ("tproxy: use the interface primary IP address as a default value for --on-ip")
    Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
    Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/ipv4/netfilter/nf_tproxy_ipv4.c b/net/ipv4/netfilter/nf_tproxy_ipv4.c
index 69e3317996043..73e66a088e25e 100644
--- a/net/ipv4/netfilter/nf_tproxy_ipv4.c
+++ b/net/ipv4/netfilter/nf_tproxy_ipv4.c
@@ -58,6 +58,8 @@ __be32 nf_tproxy_laddr4(struct sk_buff *skb, __be32 user_laddr, __be32 daddr)
 
 	laddr = 0;
 	indev = __in_dev_get_rcu(skb->dev);
+	if (!indev)
+		return daddr;
 
 	in_dev_for_each_ifa_rcu(ifa, indev) {
 		if (ifa->ifa_flags & IFA_F_SECONDARY)




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux