On Mon, Jul 27, 2020 at 07:07:30PM +0000, Will McVicker wrote:
> Hi,
> The attached patch fixes an OOB memory access security bug. The bug is
> already fixed in the upstream kernel due to the vulnerable code being
> refactored in commit fe2d0020994c ("netfilter: nat: remove
> l4proto->in_range") and commit d6c4c8ffb5e5 ("netfilter: nat: remove
> l3proto struct"), but the 4.19 and below LTS branches remain vulnerable.
> I have verified the OOB kernel panic is fixed with this patch on both the
> 4.19 and 4.14 kernels using the appropriate hardware.
>
> Please review the fix and apply to branches 4.19.y, 4.14.y, 4.9.y and
> 4.4.y.

This patch only applied to the 4.19.y tree; it failed to apply to all of
the other branches:

Applying patch netfilter-nat-add-range-checks-for-access-to-nf_nat_lprotos.patch
patching file net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
patching file net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
patching file net/netfilter/nf_nat_core.c
Hunk #1 succeeded at 45 (offset -19 lines).
Hunk #2 succeeded at 298 with fuzz 1 (offset -23 lines).
Hunk #3 succeeded at 309 (offset -23 lines).
Hunk #4 succeeded at 376 (offset -24 lines).
Hunk #5 succeeded at 399 (offset -24 lines).
Hunk #6 succeeded at 419 (offset -24 lines).
Hunk #7 FAILED at 526.
Hunk #8 succeeded at 733 (offset -100 lines).
1 out of 8 hunks FAILED -- rejects in file net/netfilter/nf_nat_core.c
patching file net/netfilter/nf_nat_helper.c

And you didn't cc: the netfilter developers for this, are they OK with
this? I need an ack from them to be able to take this.

Can you fix this up, resend working versions for all branches, and get
their acks?

thanks,

greg k-h
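The patch under discussion is not included in the thread, only its subject ("add range checks for access to nf_nat_l[34]protos") and the failed-hunk log. The following is an added, stand-alone illustration of the pattern that subject names: a per-protocol handler table indexed by values derived from the connection, read without a range check (the OOB access) and then with one. It is not the posted patch and not code from net/netfilter; the table shape, the constants NAT_L3_MAX and NAT_L4_MAX, the handler struct and every function name here are assumptions made for the example.

```c
/*
 * Added illustration only; not the patch from this thread and not
 * kernel code.  Models "range-check the index before touching a
 * per-protocol handler table".  Table shape, constant values and all
 * names (NAT_L3_MAX, NAT_L4_MAX, nat_l4_lookup, ...) are assumptions.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes: a small set of L3 families, the full 8-bit L4 protocol space. */
#define NAT_L3_MAX 13u
#define NAT_L4_MAX 256u

struct nat_l4proto {
    const char *name;
    /* returns 1 on success, -1 on malformed input, 0 for "nothing to do" */
    int (*manip_pkt)(const uint8_t *pkt, size_t len);
};

/* Hypothetical fallback used when no specific handler is registered. */
static int unknown_manip(const uint8_t *pkt, size_t len) { (void)pkt; (void)len; return 0; }
/* Hypothetical TCP handler: insists on a minimal 20-byte header. */
static int tcp_manip(const uint8_t *pkt, size_t len) { (void)pkt; return len >= 20 ? 1 : -1; }

static const struct nat_l4proto nat_l4_unknown = { "unknown", unknown_manip };
static const struct nat_l4proto nat_l4_tcp     = { "tcp",     tcp_manip };

/* Handler table indexed by [family][protonum]; NULL means "use fallback". */
static const struct nat_l4proto *nat_l4protos[NAT_L3_MAX][NAT_L4_MAX];

static void nat_table_init(void)
{
    /* constructed sample registrations: families 2 and 10 as IPv4/IPv6 stand-ins, protonum 6 = TCP */
    nat_l4protos[2][6]  = &nat_l4_tcp;
    nat_l4protos[10][6] = &nat_l4_tcp;
}

/*
 * BEFORE: indexes straight from caller-supplied values.  A family >= NAT_L3_MAX
 * or protonum >= NAT_L4_MAX reads past the table, and the pointer read from
 * there is then dereferenced and called.  Kept only for contrast; not exercised
 * with out-of-range input anywhere in this example.
 */
static const struct nat_l4proto *nat_l4_lookup_unchecked(unsigned family, unsigned protonum)
{
    const struct nat_l4proto *p = nat_l4protos[family][protonum];
    return p ? p : &nat_l4_unknown;
}

/* AFTER: reject both indices before the table is touched. */
static const struct nat_l4proto *nat_l4_lookup(unsigned family, unsigned protonum)
{
    if (family >= NAT_L3_MAX || protonum >= NAT_L4_MAX)
        return &nat_l4_unknown;
    const struct nat_l4proto *p = nat_l4protos[family][protonum];
    return p ? p : &nat_l4_unknown;
}

/* Name of the handler the checked lookup selects (initialises the table first). */
const char *nat_l4_name(unsigned family, unsigned protonum)
{
    nat_table_init();
    return nat_l4_lookup(family, protonum)->name;
}

/* Run the checked lookup's handler over a packet. */
int nat_manip(unsigned family, unsigned protonum, const uint8_t *pkt, size_t len)
{
    nat_table_init();
    return nat_l4_lookup(family, protonum)->manip_pkt(pkt, len);
}

int main(void)
{
    static const uint8_t hdr[20] = { 0 };   /* constructed 20-byte header */
    nat_table_init();
    printf("unchecked in-range: %s\n", nat_l4_lookup_unchecked(2, 6)->name);
    printf("checked  family=99: %s\n", nat_l4_name(99, 6));
    printf("checked  proto=300: %s\n", nat_l4_name(2, 300));
    printf("tcp manip rc=%d\n", nat_manip(2, 6, hdr, sizeof hdr));
    return 0;
}
```

The point of the hardened form is that the check sits in front of the only place the table is indexed, so every caller inherits it; in the kernel the equivalent failure shows up as the panic the submitter describes rather than a clean fallback.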