From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.linuxfoundation.org ([140.211.169.12]:44865 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753076AbcFVVTL (ORCPT ); Wed, 22 Jun 2016 17:19:11 -0400
Subject: Patch "netfilter: x_tables: assert minimum target size" has been added to the 4.6-stable tree
To: fw@strlen.de, gregkh@linuxfoundation.org, pablo@netfilter.org
Cc: ,
From:
Date: Wed, 22 Jun 2016 14:19:09 -0700
Message-ID: <146663034963124@kroah.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ANSI_X3.4-1968
Content-Transfer-Encoding: 8bit
Sender: stable-owner@vger.kernel.org
List-ID:

This is a note to let you know that I've just added the patch titled

    netfilter: x_tables: assert minimum target size

to the 4.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
    netfilter-x_tables-assert-minimum-target-size.patch
and it can be found in the queue-4.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let know about it.

>>From a08e4e190b866579896c09af59b3bdca821da2cd Mon Sep 17 00:00:00 2001
From: Florian Westphal
Date: Fri, 1 Apr 2016 14:17:25 +0200
Subject: netfilter: x_tables: assert minimum target size

From: Florian Westphal

commit a08e4e190b866579896c09af59b3bdca821da2cd upstream.

The target size includes the size of the xt_entry_target struct.

Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Greg Kroah-Hartman
---
 net/netfilter/x_tables.c | 3 +++
 1 file changed, 3 insertions(+)

--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -568,6 +568,9 @@ int xt_check_entry_offsets(const void *b return -EINVAL; t = (void *)(e + target_offset); + if (t->u.target_size < sizeof(*t)) + return -EINVAL; + if (target_offset + t->u.target_size > next_offset) return -EINVAL; Patches currently in stable-queue which might be from fw@strlen.de are queue-4.6/netfilter-x_tables-add-and-use-xt_check_entry_offsets.patch queue-4.6/netfilter-x_tables-assert-minimum-target-size.patch queue-4.6/netfilter-x_tables-add-compat-version-of-xt_check_entry_offsets.patch queue-4.6/netfilter-x_tables-check-for-bogus-target-offset.patch queue-4.6/netfilter-x_tables-validate-targets-of-jumps.patch queue-4.6/netfilter-x_tables-don-t-move-to-non-existent-next-rule.patch queue-4.6/netfilter-x_tables-kill-check_entry-helper.patch queue-4.6/netfilter-x_tables-check-standard-target-size-too.patch queue-4.6/netfilter-x_tables-validate-all-offsets-and-sizes-in-a-rule.patch
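
Review bot: the added `t->u.target_size < sizeof(*t)` test in xt_check_entry_offsets() reads through `t` immediately after `t = (void *)(e + target_offset)`, and the leading context shows only the tail (`return -EINVAL;`) of the check before it, so it is worth confirming that the preceding test already guarantees a full `*t` header fits between `target_offset` and `next_offset` before `t->u` is dereferenced. The commit message says the target size includes the xt_entry_target struct but not what a rule with a smaller `target_size` would cause further on; a sentence on that, and a one-line comment above the new check, would make it easier for stable reviewers to judge the fix. Placing the lower bound directly ahead of the existing `target_offset + t->u.target_size > next_offset` test is sensible, since together the two checks bound `target_size` from both sides.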