* b301f2538759 ("netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES")
@ 2019-03-12 18:07 Zubin Mithra
  2019-03-12 18:58 ` Greg KH
  0 siblings, 1 reply; 2+ messages in thread
From: Zubin Mithra @ 2019-03-12 18:07 UTC (permalink / raw)
  To: stable; +Cc: groeck, gregkh, pablo, kadlec, fw, sploving1

Hello,

Syzkaller has triggered a stack OOB read when fuzzing a 4.4 kernel with the following stacktrace.

Call Trace:
 [<ffffffff81cb9fad>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81cb9fad>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff815275e9>] print_address_description mm/kasan/report.c:199 [inline]
 [<ffffffff815275e9>] kasan_report_error mm/kasan/report.c:285 [inline]
 [<ffffffff815275e9>] kasan_report.part.2.cold.3+0x447/0x4ec mm/kasan/report.c:310
 [<ffffffff814eca2e>] kasan_report mm/kasan/report.c:328 [inline]
 [<ffffffff814eca2e>] __asan_report_load1_noabort+0x2e/0x30 mm/kasan/report.c:328
 [<ffffffff81cd54d1>] strnlen+0xc1/0xd0 lib/string.c:498
 [<ffffffff81cdd6ac>] string.isra.4+0x4c/0x250 lib/vsprintf.c:518
 [<ffffffff81ce27da>] vsnprintf+0x42a/0x18c0 lib/vsprintf.c:1904
 [<ffffffff8114fd73>] __request_module+0x153/0x7a0 kernel/kmod.c:146
 [<ffffffff82986521>] find_inlist_lock.constprop.15+0x111/0x210 net/bridge/netfilter/ebtables.c:347
 [<ffffffff8298a942>] find_table_lock net/bridge/netfilter/ebtables.c:356 [inline]
 [<ffffffff8298a942>] do_ebt_get_ctl+0x152/0x570 net/bridge/netfilter/ebtables.c:1531
 [<ffffffff823e8bc5>] nf_sockopt net/netfilter/nf_sockopt.c:103 [inline]
 [<ffffffff823e8bc5>] nf_getsockopt+0x75/0xd0 net/netfilter/nf_sockopt.c:121
 [<ffffffff8261d60d>] ip_getsockopt+0x12d/0x170 net/ipv4/ip_sockglue.c:1533
 [<ffffffff826411cd>] tcp_getsockopt+0x8d/0xe0 net/ipv4/tcp.c:3040
 [<ffffffff82250c0f>] sock_common_getsockopt+0x9f/0xe0 net/core/sock.c:2652
 [<ffffffff8224e45d>] SYSC_getsockopt net/socket.c:1811 [inline]
 [<ffffffff8224e45d>] SyS_getsockopt+0x14d/0x230 net/socket.c:1793
 [<ffffffff82a5f3cf>] tracesys_phase2+0x90/0x95

Could the following patch be applied to v4.4.y? The patch is present in v4.9.y.
* b301f2538759 ("netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES")

Tests run:
* Chrome OS tryjobs
* Syzkaller reproducer


Thanks,
- Zubin
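
The bug class behind the report above, as an added user-space example that is not part of the original thread and is not the kernel's or the referenced commit's code: a fixed-size name field copied verbatim from the caller reaches a `%s` formatter without a terminator, and the hardened copy forces one. The struct layout, `NAME_LEN`, the `ebtable_` prefix and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 32                 /* assumed field size, not taken from the page */

struct get_req {                    /* hypothetical request header */
    char name[NAME_LEN];
    unsigned int size;
};

/* 1 if a NUL terminator exists inside the fixed-size field. */
static int name_is_terminated(const struct get_req *r)
{
    return memchr(r->name, '\0', sizeof(r->name)) != NULL;
}

/* Copy-in that forces termination before any string function sees the name. */
static void copy_req_hardened(struct get_req *dst, const void *src)
{
    memcpy(dst, src, sizeof(*dst));
    dst->name[sizeof(dst->name) - 1] = '\0';
}

/* Builds "<prefix><name>" (prefix is constructed for this example);
 * returns -1 instead of letting %s scan past the end of the field. */
static int format_module_name(char *out, size_t len, const struct get_req *r)
{
    if (!name_is_terminated(r))
        return -1;
    return snprintf(out, len, "ebtable_%s", r->name);
}

/* Constructed input: every byte is 'A', so the name has no terminator. */
static int check(int hardened)
{
    unsigned char raw[sizeof(struct get_req)];
    struct get_req req;
    char out[64];

    memset(raw, 'A', sizeof(raw));
    if (hardened)
        copy_req_hardened(&req, raw);
    else
        memcpy(&req, raw, sizeof(req));   /* verbatim copy, no termination enforced */
    return format_module_name(out, sizeof(out), &req);
}

int main(void)
{
    printf("verbatim copy: %d\nhardened copy: %d\n", check(0), check(1));
    return 0;
}
```

Without the bounds check in `format_module_name`, the verbatim copy would let the formatter's length scan continue into adjacent stack memory, which is the kind of read KASAN flags in `strnlen` in the trace.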


* Re: b301f2538759 ("netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES")
  2019-03-12 18:07 b301f2538759 ("netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES") Zubin Mithra
@ 2019-03-12 18:58 ` Greg KH
  0 siblings, 0 replies; 2+ messages in thread
From: Greg KH @ 2019-03-12 18:58 UTC (permalink / raw)
  To: Zubin Mithra; +Cc: stable, groeck, pablo, kadlec, fw, sploving1

On Tue, Mar 12, 2019 at 11:07:53AM -0700, Zubin Mithra wrote:
> Hello,
> 
> Syzkaller has triggered a stack OOB read when fuzzing a 4.4 kernel with the following stacktrace.
> 
> Call Trace:
>  [<ffffffff81cb9fad>] __dump_stack lib/dump_stack.c:15 [inline]
>  [<ffffffff81cb9fad>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
>  [<ffffffff815275e9>] print_address_description mm/kasan/report.c:199 [inline]
>  [<ffffffff815275e9>] kasan_report_error mm/kasan/report.c:285 [inline]
>  [<ffffffff815275e9>] kasan_report.part.2.cold.3+0x447/0x4ec mm/kasan/report.c:310
>  [<ffffffff814eca2e>] kasan_report mm/kasan/report.c:328 [inline]
>  [<ffffffff814eca2e>] __asan_report_load1_noabort+0x2e/0x30 mm/kasan/report.c:328
>  [<ffffffff81cd54d1>] strnlen+0xc1/0xd0 lib/string.c:498
>  [<ffffffff81cdd6ac>] string.isra.4+0x4c/0x250 lib/vsprintf.c:518
>  [<ffffffff81ce27da>] vsnprintf+0x42a/0x18c0 lib/vsprintf.c:1904
>  [<ffffffff8114fd73>] __request_module+0x153/0x7a0 kernel/kmod.c:146
>  [<ffffffff82986521>] find_inlist_lock.constprop.15+0x111/0x210 net/bridge/netfilter/ebtables.c:347
>  [<ffffffff8298a942>] find_table_lock net/bridge/netfilter/ebtables.c:356 [inline]
>  [<ffffffff8298a942>] do_ebt_get_ctl+0x152/0x570 net/bridge/netfilter/ebtables.c:1531
>  [<ffffffff823e8bc5>] nf_sockopt net/netfilter/nf_sockopt.c:103 [inline]
>  [<ffffffff823e8bc5>] nf_getsockopt+0x75/0xd0 net/netfilter/nf_sockopt.c:121
>  [<ffffffff8261d60d>] ip_getsockopt+0x12d/0x170 net/ipv4/ip_sockglue.c:1533
>  [<ffffffff826411cd>] tcp_getsockopt+0x8d/0xe0 net/ipv4/tcp.c:3040
>  [<ffffffff82250c0f>] sock_common_getsockopt+0x9f/0xe0 net/core/sock.c:2652
>  [<ffffffff8224e45d>] SYSC_getsockopt net/socket.c:1811 [inline]
>  [<ffffffff8224e45d>] SyS_getsockopt+0x14d/0x230 net/socket.c:1793
>  [<ffffffff82a5f3cf>] tracesys_phase2+0x90/0x95
> 
> Could the following patch be applied to v4.4.y? The patch is present in v4.9.y.
> * b301f2538759 ("netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES")
> 
> Tests run:
> * Chrome OS tryjobs
> * Syzkaller reproducer

Now queued up, thanks.

greg k-h
