[PATCH] netfilter: fix possible ZERO_SIZE_PTR pointer dereferencing error.

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] netfilter: fix possible ZERO_SIZE_PTR pointer dereferencing error.
@ 2016-06-01  8:34 Xiubo Li
  2016-06-01  9:27 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 5+ messages in thread
From: Xiubo Li @ 2016-06-01  8:34 UTC (permalink / raw)
  To: pablo, kaber, kadlec, davem
  Cc: netfilter-devel, netfilter, coreteam, netdev, Xiubo Li

Since we cannot make sure the 'hook_mask' will always be none zero
here. If it equals to zero, the num_hooks will be zero too, and then
kmalloc() will return ZERO_SIZE_PTR, which is (void *)16.

Then the following error check will fails:
  ops = kmalloc(sizeof(*ops) * num_hooks, GFP_KERNEL);
  if (ops == NULL)
          return ERR_PTR(-ENOMEM);

So this patch fix this with just doing the zero check before calling
kmalloc() is called.

Maybe the case above will never happen here, but in theory.

Signed-off-by: Xiubo Li <lixiubo@cmss.chinamobile.com>
---
 net/netfilter/x_tables.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index c8a0b7d..4df8e38 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -1185,6 +1185,9 @@ struct nf_hook_ops *xt_hook_link(const struct xt_table *table, nf_hookfn *fn)
 	struct nf_hook_ops *ops;
 	int ret;

+	if (!num_hooks)
+		return ERR_PTR(-EINVAL);
+
 	ops = kmalloc(sizeof(*ops) * num_hooks, GFP_KERNEL);
 	if (ops == NULL)
 		return ERR_PTR(-ENOMEM);
-- 
1.8.3.1

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH] netfilter: fix possible ZERO_SIZE_PTR pointer dereferencing error.
  2016-06-01  8:34 [PATCH] netfilter: fix possible ZERO_SIZE_PTR pointer dereferencing error Xiubo Li
@ 2016-06-01  9:27 ` Pablo Neira Ayuso
  2016-06-01  9:52   ` [PATCH] netfilter: fix possible ZERO_SIZE_PTR pointerdereferencing error Xiubo Li
  0 siblings, 1 reply; 5+ messages in thread
From: Pablo Neira Ayuso @ 2016-06-01  9:27 UTC (permalink / raw)
  To: Xiubo Li; +Cc: kaber, kadlec, davem, netfilter-devel, netfilter, coreteam,
	netdev

On Wed, Jun 01, 2016 at 04:34:28PM +0800, Xiubo Li wrote:
> Since we cannot make sure the 'hook_mask' will always be none zero
> here. If it equals to zero, the num_hooks will be zero too, and then
> kmalloc() will return ZERO_SIZE_PTR, which is (void *)16.
> 
> Then the following error check will fails:
>   ops = kmalloc(sizeof(*ops) * num_hooks, GFP_KERNEL);
>   if (ops == NULL)
>           return ERR_PTR(-ENOMEM);
> 
> So this patch fix this with just doing the zero check before calling
> kmalloc() is called.
> 
> Maybe the case above will never happen here, but in theory.
> 
> Signed-off-by: Xiubo Li <lixiubo@cmss.chinamobile.com>
> ---
>  net/netfilter/x_tables.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
> index c8a0b7d..4df8e38 100644
> --- a/net/netfilter/x_tables.c
> +++ b/net/netfilter/x_tables.c
> @@ -1185,6 +1185,9 @@ struct nf_hook_ops *xt_hook_link(const struct xt_table *table, nf_hookfn *fn)

What kernel version are you using? I don't see xt_hook_link() in the
development tree.

>  	struct nf_hook_ops *ops;
>  	int ret;
>  
> +	if (!num_hooks)
> +		return ERR_PTR(-EINVAL);
> +
>  	ops = kmalloc(sizeof(*ops) * num_hooks, GFP_KERNEL);
>  	if (ops == NULL)
>  		return ERR_PTR(-ENOMEM);
> -- 
> 1.8.3.1
> 
> 
> 

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] netfilter: fix possible ZERO_SIZE_PTR pointerdereferencing error.
  2016-06-01  9:27 ` Pablo Neira Ayuso
@ 2016-06-01  9:52   ` Xiubo Li
  2016-06-01 11:04     ` Pablo Neira Ayuso
  0 siblings, 1 reply; 5+ messages in thread
From: Xiubo Li @ 2016-06-01  9:52 UTC (permalink / raw)
  To: Pablo Neira Ayuso
  Cc: kaber, kadlec, davem, netfilter-devel, netfilter, coreteam,
	netdev

>>   net/netfilter/x_tables.c | 3 +++
>>   1 file changed, 3 insertions(+)
>>
>> diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
>> index c8a0b7d..4df8e38 100644
>> --- a/net/netfilter/x_tables.c
>> +++ b/net/netfilter/x_tables.c
>> @@ -1185,6 +1185,9 @@ struct nf_hook_ops *xt_hook_link(const struct xt_table *table, nf_hookfn *fn)
>
> What kernel version are you using? I don't see xt_hook_link() in the
> development tree.

Sorry, in the wrong tree, i just work on linux-next tree, forget to 
checkout the newest tags.

Should I will use nf.git tree or others instead ?

>


Thanks very much.

BRs
Xiubo Li



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] netfilter: fix possible ZERO_SIZE_PTR pointerdereferencing error.
  2016-06-01  9:52   ` [PATCH] netfilter: fix possible ZERO_SIZE_PTR pointerdereferencing error Xiubo Li
@ 2016-06-01 11:04     ` Pablo Neira Ayuso
  2016-06-02  2:40       ` [PATCH] netfilter: fix possible ZERO_SIZE_PTRpointerdereferencing error Xiubo Li
  0 siblings, 1 reply; 5+ messages in thread
From: Pablo Neira Ayuso @ 2016-06-01 11:04 UTC (permalink / raw)
  To: Xiubo Li; +Cc: kaber, kadlec, davem, netfilter-devel, netfilter, coreteam,
	netdev

On Wed, Jun 01, 2016 at 05:52:59PM +0800, Xiubo Li wrote:
> >>  net/netfilter/x_tables.c | 3 +++
> >>  1 file changed, 3 insertions(+)
> >>
> >>diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
> >>index c8a0b7d..4df8e38 100644
> >>--- a/net/netfilter/x_tables.c
> >>+++ b/net/netfilter/x_tables.c
> >>@@ -1185,6 +1185,9 @@ struct nf_hook_ops *xt_hook_link(const struct xt_table *table, nf_hookfn *fn)
> >
> >What kernel version are you using? I don't see xt_hook_link() in the
> >development tree.
> 
> Sorry, in the wrong tree, i just work on linux-next tree, forget to checkout
> the newest tags.
> 
> Should I will use nf.git tree or others instead ?

Yes please, thanks.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] netfilter: fix possible ZERO_SIZE_PTRpointerdereferencing error.
  2016-06-01 11:04     ` Pablo Neira Ayuso
@ 2016-06-02  2:40       ` Xiubo Li
  0 siblings, 0 replies; 5+ messages in thread
From: Xiubo Li @ 2016-06-02  2:40 UTC (permalink / raw)
  To: Pablo Neira Ayuso
  Cc: kaber, kadlec, davem, netfilter-devel, netfilter, coreteam,
	netdev



On 01/06/2016 19:04, Pablo Neira Ayuso wrote:
> On Wed, Jun 01, 2016 at 05:52:59PM +0800, Xiubo Li wrote:
>>>>   net/netfilter/x_tables.c | 3 +++
>>>>   1 file changed, 3 insertions(+)
>>>>
>>>> diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
>>>> index c8a0b7d..4df8e38 100644
>>>> --- a/net/netfilter/x_tables.c
>>>> +++ b/net/netfilter/x_tables.c
>>>> @@ -1185,6 +1185,9 @@ struct nf_hook_ops *xt_hook_link(const struct xt_table *table, nf_hookfn *fn)
>>>
>>> What kernel version are you using? I don't see xt_hook_link() in the
>>> development tree.
>>
>> Sorry, in the wrong tree, i just work on linux-next tree, forget to checkout
>> the newest tags.
>>
>> Should I will use nf.git tree or others instead ?
>
> Yes please, thanks.
>

Okay.

Thanks,

BRs
Xiubo Li



^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2016-06-02  2:40 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-06-01  8:34 [PATCH] netfilter: fix possible ZERO_SIZE_PTR pointer dereferencing error Xiubo Li
2016-06-01  9:27 ` Pablo Neira Ayuso
2016-06-01  9:52   ` [PATCH] netfilter: fix possible ZERO_SIZE_PTR pointerdereferencing error Xiubo Li
2016-06-01 11:04     ` Pablo Neira Ayuso
2016-06-02  2:40       ` [PATCH] netfilter: fix possible ZERO_SIZE_PTRpointerdereferencing error Xiubo Li

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.