* [PATCH -nf] nft: masq: fix uninitialized range in nft_masq_{ipv4,ipv6}_eval
@ 2014-11-07 14:34 Daniel Borkmann
2014-11-10 19:20 ` Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Daniel Borkmann @ 2014-11-07 14:34 UTC (permalink / raw)
To: pablo; +Cc: arturo.borrero.glez, netfilter-devel
When transferring from the original range in nf_nat_masquerade_{ipv4,ipv6}()
we copy over values from stack in from min_proto/max_proto due to uninitialized
range variable in both, nft_masq_{ipv4,ipv6}_eval. As we only initialize
flags at this time from nft_masq struct, just zero out the rest.
Fixes: 9ba1f726bec09 ("netfilter: nf_tables: add new nft_masq expression")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
net/ipv4/netfilter/nft_masq_ipv4.c | 1 +
net/ipv6/netfilter/nft_masq_ipv6.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/net/ipv4/netfilter/nft_masq_ipv4.c b/net/ipv4/netfilter/nft_masq_ipv4.c
index c1023c4..665de06 100644
--- a/net/ipv4/netfilter/nft_masq_ipv4.c
+++ b/net/ipv4/netfilter/nft_masq_ipv4.c
@@ -24,6 +24,7 @@ static void nft_masq_ipv4_eval(const struct nft_expr *expr,
struct nf_nat_range range;
unsigned int verdict;
+ memset(&range, 0, sizeof(range));
range.flags = priv->flags;
verdict = nf_nat_masquerade_ipv4(pkt->skb, pkt->ops->hooknum,
diff --git a/net/ipv6/netfilter/nft_masq_ipv6.c b/net/ipv6/netfilter/nft_masq_ipv6.c
index 8a7ac68..529c119 100644
--- a/net/ipv6/netfilter/nft_masq_ipv6.c
+++ b/net/ipv6/netfilter/nft_masq_ipv6.c
@@ -25,6 +25,7 @@ static void nft_masq_ipv6_eval(const struct nft_expr *expr,
struct nf_nat_range range;
unsigned int verdict;
+ memset(&range, 0, sizeof(range));
range.flags = priv->flags;
verdict = nf_nat_masquerade_ipv6(pkt->skb, &range, pkt->out);
--
1.7.11.7
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH -nf] nft: masq: fix uninitialized range in nft_masq_{ipv4,ipv6}_eval
2014-11-07 14:34 [PATCH -nf] nft: masq: fix uninitialized range in nft_masq_{ipv4,ipv6}_eval Daniel Borkmann
@ 2014-11-10 19:20 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2014-11-10 19:20 UTC (permalink / raw)
To: Daniel Borkmann; +Cc: arturo.borrero.glez, netfilter-devel
On Fri, Nov 07, 2014 at 03:34:54PM +0100, Daniel Borkmann wrote:
> When transferring from the original range in nf_nat_masquerade_{ipv4,ipv6}()
> we copy over values from stack in from min_proto/max_proto due to uninitialized
> range variable in both, nft_masq_{ipv4,ipv6}_eval. As we only initialize
> flags at this time from nft_masq struct, just zero out the rest.
Applied, thanks Daniel!
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-11-10 19:18 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-11-07 14:34 [PATCH -nf] nft: masq: fix uninitialized range in nft_masq_{ipv4,ipv6}_eval Daniel Borkmann
2014-11-10 19:20 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).