From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netfilter-devel@lists.netfilter.org, Patrick McHardy <kaber@trash.net>
Subject: [NETFILTER 05/05]: ebtables: don't compute gap before checking struct type
Date: Thu,  4 Jan 2007 19:38:27 +0100 (MET)
Message-ID: <20070104183827.18369.42643.sendpatchset@localhost.localdomain>
In-Reply-To: <20070104183820.18369.3658.sendpatchset@localhost.localdomain>

[NETFILTER]: ebtables: don't compute gap before checking struct type

We cannot compute the gap until we know we have a 'struct ebt_entry' and
not 'struct ebt_entries'.  Failure to check can cause crash.

Tested-by: Santiago Garcia Mantinan <manty@manty.net>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit 5a6aa046d38ffffa96ee2c6cbba0ea7fa405abdf
tree d7215dd5b39707affd4ce0e70d313335ffd85611
parent 36263425185d6993ca8af49ad6e7d1af66846d9c
author Chuck Ebbert <76306.1226@compuserve.com> Thu, 04 Jan 2007 19:28:53 +0100
committer Patrick McHardy <kaber@trash.net> Thu, 04 Jan 2007 19:28:53 +0100

 net/bridge/netfilter/ebtables.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index bee558a..6c84ccb 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -610,7 +610,7 @@ ebt_check_entry(struct ebt_entry *e, str
 	struct ebt_entry_target *t;
 	struct ebt_target *target;
 	unsigned int i, j, hook = 0, hookmask = 0;
-	size_t gap = e->next_offset - e->target_offset;
+	size_t gap;
 	int ret;
 
 	/* don't mess with the struct ebt_entries */
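Review bot: `size_t gap;` is now declared without an initializer, so no path between this declaration and the assignment added in the second hunk may read it. Please confirm that the struct-type check following the `/* don't mess with the struct ebt_entries */` comment, and the labels reached by the `goto cleanup_watchers` visible in the next hunk, never use `gap`. A one-line comment at the declaration stating that `gap` is only meaningful once `e` is known to be a `struct ebt_entry` would also stop a later tidy-up from moving the computation back into the initializer.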
@@ -660,6 +660,7 @@ ebt_check_entry(struct ebt_entry *e, str
 	if (ret != 0)
 		goto cleanup_watchers;
 	t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
+	gap = e->next_offset - e->target_offset;
 	target = find_target_lock(t->u.name, &ret, &ebt_mutex);
 	if (!target)
 		goto cleanup_watchers;
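Review bot: at the added `gap = e->next_offset - e->target_offset;` the subtraction is performed in `size_t`, and nothing in the visible context checks that `e->target_offset` is not larger than `e->next_offset`, so a malformed entry would make `gap` wrap to a very large value. The preceding line already trusts `e->target_offset` when forming `t`. If an earlier check in this function or its caller guarantees the ordering, a short comment naming it would help; otherwise consider something like `if (e->target_offset > e->next_offset) { ret = -EINVAL; goto cleanup_watchers; }` ahead of both lines.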
