* [NETFILTER]: xt_hashlimit/xt_string: missing string validation
@ 2006-08-01  6:39 Patrick McHardy
  2006-08-01 15:50 ` James Morris
  0 siblings, 1 reply; 2+ messages in thread
From: Patrick McHardy @ 2006-08-01  6:39 UTC (permalink / raw)
  To: David S. Miller; +Cc: Netfilter Development Mailinglist

[-- Attachment #2: 02.diff --]
[-- Type: text/plain, Size: 1881 bytes --]

[NETFILTER]: xt_hashlimit/xt_string: missing string validation

The hashlimit table name and the textsearch algorithm need to be
terminated, the textsearch pattern length must not exceed the
maximum size.

Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit 873fed085b72ad38b565906676ec8fd44e27bb25
tree 0c7cf87c9a95838d3360f11194a960eb915085b3
parent e8b121382d0690c0d92b6134bb60e7626cd49284
author Patrick McHardy <kaber@trash.net> Tue, 01 Aug 2006 08:24:03 +0200
committer Patrick McHardy <kaber@trash.net> Tue, 01 Aug 2006 08:24:03 +0200

 net/ipv4/netfilter/ipt_hashlimit.c |    3 +++
 net/netfilter/xt_string.c          |    5 ++++-
 2 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/net/ipv4/netfilter/ipt_hashlimit.c b/net/ipv4/netfilter/ipt_hashlimit.c
index 92980ab..6b66244 100644
--- a/net/ipv4/netfilter/ipt_hashlimit.c
+++ b/net/ipv4/netfilter/ipt_hashlimit.c
@@ -508,6 +508,9 @@ hashlimit_checkentry(const char *tablena
 	if (!r->cfg.expire)
 		return 0;
 
+	if (r->name[sizeof(r->name) - 1] != '\0')
+		return 0;
+
 	/* This is the best we've got: We cannot release and re-grab lock,
 	 * since checkentry() is called before ip_tables.c grabs ipt_mutex.  
 	 * We also cannot grab the hashtable spinlock, since htable_create will 
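Review bot: the new test on r->name[sizeof(r->name) - 1] only looks at the final byte, so it is stricter than the "need to be terminated" requirement in the commit message. A name that has its NUL earlier in the buffer but non-zero bytes after it is rejected even though it is a valid C string. If the intent is that userspace must zero-pad the whole field, a short comment above the check saying so would help; otherwise strnlen(r->name, sizeof(r->name)) == sizeof(r->name) expresses "no terminator inside the buffer" directly. The rejection is also silent (a bare return 0), so a user who hits it gets no hint as to which field failed validation.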
diff --git a/net/netfilter/xt_string.c b/net/netfilter/xt_string.c
index 0ebb6ac..d8e3891 100644
--- a/net/netfilter/xt_string.c
+++ b/net/netfilter/xt_string.c
@@ -55,7 +55,10 @@ static int checkentry(const char *tablen
 	/* Damn, can't handle this case properly with iptables... */
 	if (conf->from_offset > conf->to_offset)
 		return 0;
-
+	if (conf->algo[XT_STRING_MAX_ALGO_NAME_SIZE - 1] != '\0')
+	    	return 0;
+	if (conf->patlen > XT_STRING_MAX_PATTERN_SIZE)
+		return 0;
 	ts_conf = textsearch_prepare(conf->algo, conf->pattern, conf->patlen,
 				     GFP_KERNEL, TS_AUTOLOAD);
 	if (IS_ERR(ts_conf))
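Review bot: the terminator check indexes conf->algo with XT_STRING_MAX_ALGO_NAME_SIZE - 1 rather than sizeof(conf->algo) - 1, so it is only correct for as long as the array is declared with exactly that macro. The hashlimit hunk in this same patch uses the sizeof form, and doing the same here would keep the two checks consistent and tied to the actual buffer. Two style points in the same hunk: the "return 0;" under the algo check is indented with a mix of tabs and spaces, and the blank line that separated the validation checks from the textsearch_prepare() call is removed, which makes the block harder to scan. As with the other file, both new rejections return 0 without any diagnostic.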
