From: Florian Westphal <fw@strlen.de>
To: Andreas Schwab <schwab@linux-m68k.org>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
	netfilter-devel@vger.kernel.org, davem@davemloft.net,
	netdev@vger.kernel.org
Subject: Re: [PATCH 07/23] netfilter: x_tables: check standard target size too
Date: Mon, 6 Jun 2016 00:02:10 +0200
Message-ID: <20160605220210.GA7827@breakpoint.cc>
In-Reply-To: <8760tn5ojb.fsf@linux-m68k.org>

Andreas Schwab <schwab@linux-m68k.org> wrote:
> > From: Florian Westphal <fw@strlen.de>
> >
> > We have targets and standard targets -- the latter carries a verdict.
> >
> > The ip/ip6tables validation functions will access t->verdict for the
> > standard targets to fetch the jump offset or verdict for chainloop
> > detection, but this happens before the targets get checked/validated.
> >
> > Thus we also need to check for verdict presence here, else t->verdict
> > can point right after a blob.
> >
> > Spotted with UBSAN while testing malformed blobs.
> 
> This breaks iptables on PPC32.

Yes, we got a bug report for arm32, I'm sorry about this -- the only 32-bit
platform I tested was i686 and that only needs 4-byte alignment for u64.

This fix should help:

https://git.kernel.org/cgit/linux/kernel/git/pablo/nf.git/commit/?id=7b7eba0f3515fca3296b8881d583f7c1042f5226
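
The alignment effect discussed in this message, as an added example that is not part of the mail or of the kernel source: an exact-size check on a standard target passes where u64 needs 4-byte alignment and rejects the same valid rule where it needs 8-byte alignment. The struct layout, the offset 112 and all function names are constructed assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 32-bit model: a 32-byte target header followed by a 4-byte
 * verdict. Field sizes are assumptions, not copied from kernel headers. */
struct model_target { uint16_t target_size; char name[29]; uint8_t revision; };
struct model_standard_target { struct model_target target; int32_t verdict; };

/* Round len up to a power-of-two alignment, as rule blobs are padded. */
static size_t align_up(size_t len, size_t align)
{
    return (len + align - 1) & ~(align - 1);
}

/* Length a blob builder reserves for the target under a given u64 alignment. */
static size_t padded_target_len(size_t u64_align)
{
    return align_up(sizeof(struct model_standard_target), u64_align);
}

/* Exact-size check that ignores padding: 0 = accepted, -1 = rejected. */
static int check_exact(size_t target_offset, size_t next_offset)
{
    size_t end = target_offset + sizeof(struct model_standard_target);
    return end == next_offset ? 0 : -1;
}

/* Alignment-aware form: still requires room for the verdict, but accepts
 * the padding that the platform's u64 alignment adds after it. */
static int check_aligned(size_t target_offset, size_t next_offset, size_t u64_align)
{
    size_t end = target_offset + sizeof(struct model_standard_target);
    return align_up(end, u64_align) == next_offset ? 0 : -1;
}

int main(void)
{
    size_t off = 112; /* constructed target offset inside a rule */
    size_t aligns[] = { 4, 8 }; /* i686-like vs arm32/PPC32-like */
    for (int i = 0; i < 2; i++) {
        size_t next = off + padded_target_len(aligns[i]);
        printf("align %zu: next_offset=%zu exact=%d aligned=%d truncated=%d\n",
               aligns[i], next, check_exact(off, next),
               check_aligned(off, next, aligns[i]),
               check_aligned(off, off + 32, aligns[i]));
    }
    return 0;
}
```

The truncated case (a target that ends before the verdict) is rejected under both alignments, so accepting the padding does not reopen the out-of-bounds read of `t->verdict`.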
