From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 188A1C433EF for ; Fri, 8 Jul 2022 11:25:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237215AbiGHLZV (ORCPT ); Fri, 8 Jul 2022 07:25:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52258 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237610AbiGHLZU (ORCPT ); Fri, 8 Jul 2022 07:25:20 -0400 Received: from sin.source.kernel.org (sin.source.kernel.org [IPv6:2604:1380:40e1:4800::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4DC3E8737B for ; Fri, 8 Jul 2022 04:25:19 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sin.source.kernel.org (Postfix) with ESMTPS id D39A5CE27BD for ; Fri, 8 Jul 2022 11:25:15 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id BC4C0C341C0; Fri, 8 Jul 2022 11:25:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1657279514; bh=3/DCo/1l6TLOd8U1py5CtZoqa+Mq1XTR1r8kwv8Qfrc=; h=Subject:To:Cc:From:Date:From; b=aXenSygie8POg9fvGV2cqV/tqaUqdw5xFGeBA2siwmVOc0mR6N19KWZzF/xjl4No5 CCUEUD8blUCjLLxfC4xns/VUhPzL0ko73mLYS2Wj6vlIyCz96sNpBRpH7WuO7vcOCB B/MStR2xNYb8h3Y7uSkeiX4DUzd4n1F888YjfW9Q= Subject: FAILED: patch "[PATCH] netfilter: nf_tables: stricter validation of element data" failed to apply to 4.9-stable tree To: pablo@netfilter.org, hanguelkov@randorisec.fr Cc: From: Date: Fri, 08 Jul 2022 13:25:01 +0200 Message-ID: <165727950139106@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to . thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sat, 2 Jul 2022 04:16:30 +0200 Subject: [PATCH] netfilter: nf_tables: stricter validation of element data Make sure element data type and length do not mismatch the one specified by the set declaration. Fixes: 7d7402642eaf ("netfilter: nf_tables: variable sized set element keys / data") Reported-by: Hugues ANGUELKOV Signed-off-by: Pablo Neira Ayuso diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 51144fc66889..d6b59beab3a9 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -5213,13 +5213,20 @@ static int nft_setelem_parse_data(struct nft_ctx *ctx, struct nft_set *set, struct nft_data *data, struct nlattr *attr) { + u32 dtype; int err; err = nft_data_init(ctx, data, NFT_DATA_VALUE_MAXLEN, desc, attr); if (err < 0) return err; - if (desc->type != NFT_DATA_VERDICT && desc->len != set->dlen) { + if (set->dtype == NFT_DATA_VERDICT) + dtype = NFT_DATA_VERDICT; + else + dtype = NFT_DATA_VALUE; + + if (dtype != desc->type || + set->dlen != desc->len) { nft_data_release(data, desc->type); return -EINVAL; }