Patch "netfilter: x_tables: don't reject valid target size on some architectures" has been added to the 3.14-stable tree

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* Patch "netfilter: x_tables: don't reject valid target size on some architectures" has been added to the 3.14-stable tree
@ 2016-06-22 22:25 gregkh
  0 siblings, 0 replies; only message in thread
From: gregkh @ 2016-06-22 22:25 UTC (permalink / raw)
  To: fw, gregkh, john.stultz, pablo; +Cc: stable, stable-commits


This is a note to let you know that I've just added the patch titled

    netfilter: x_tables: don't reject valid target size on some architectures

to the 3.14-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     netfilter-x_tables-don-t-reject-valid-target-size-on-some-architectures.patch
and it can be found in the queue-3.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From 7b7eba0f3515fca3296b8881d583f7c1042f5226 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Wed, 1 Jun 2016 02:04:44 +0200
Subject: netfilter: x_tables: don't reject valid target size on some architectures

From: Florian Westphal <fw@strlen.de>

commit 7b7eba0f3515fca3296b8881d583f7c1042f5226 upstream.

Quoting John Stultz:
  In updating a 32bit arm device from 4.6 to Linus' current HEAD, I
  noticed I was having some trouble with networking, and realized that
  /proc/net/ip_tables_names was suddenly empty.
  Digging through the registration process, it seems we're catching on the:

   if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0 &&
       target_offset + sizeof(struct xt_standard_target) != next_offset)
         return -EINVAL;

  Where next_offset seems to be 4 bytes larger then the
  offset + standard_target struct size.

next_offset needs to be aligned via XT_ALIGN (so we can access all members
of ip(6)t_entry struct).

This problem didn't show up on i686 as it only needs 4-byte alignment for
u64, but iptables userspace on other 32bit arches does insert extra padding.

Reported-by: John Stultz <john.stultz@linaro.org>
Tested-by: John Stultz <john.stultz@linaro.org>
Fixes: 7ed2abddd20cf ("netfilter: x_tables: check standard target size too")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/netfilter/x_tables.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -628,7 +628,7 @@ int xt_compat_check_entry_offsets(const
 		return -EINVAL;
 
 	if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0 &&
-	    target_offset + sizeof(struct compat_xt_standard_target) != next_offset)
+	    COMPAT_XT_ALIGN(target_offset + sizeof(struct compat_xt_standard_target)) != next_offset)
 		return -EINVAL;
 
 	/* compat_xt_entry match has less strict aligment requirements,
@@ -710,7 +710,7 @@ int xt_check_entry_offsets(const void *b
 		return -EINVAL;
 
 	if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0 &&
-	    target_offset + sizeof(struct xt_standard_target) != next_offset)
+	    XT_ALIGN(target_offset + sizeof(struct xt_standard_target)) != next_offset)
 		return -EINVAL;
 
 	return xt_check_entry_match(elems, base + target_offset,


Patches currently in stable-queue which might be from fw@strlen.de are

queue-3.14/netfilter-x_tables-add-and-use-xt_check_entry_offsets.patch
queue-3.14/netfilter-x_tables-assert-minimum-target-size.patch
queue-3.14/netfilter-x_tables-add-compat-version-of-xt_check_entry_offsets.patch
queue-3.14/netfilter-x_tables-check-for-bogus-target-offset.patch
queue-3.14/netfilter-x_tables-validate-e-target_offset-early.patch
queue-3.14/netfilter-x_tables-validate-targets-of-jumps.patch
queue-3.14/netfilter-x_tables-don-t-move-to-non-existent-next-rule.patch
queue-3.14/netfilter-x_tables-kill-check_entry-helper.patch
queue-3.14/netfilter-x_tables-make-sure-e-next_offset-covers-remaining-blob-size.patch
queue-3.14/netfilter-x_tables-check-standard-target-size-too.patch
queue-3.14/netfilter-x_tables-validate-all-offsets-and-sizes-in-a-rule.patch
queue-3.14/netfilter-x_tables-don-t-reject-valid-target-size-on-some-architectures.patch
queue-3.14/netfilter-x_tables-fix-unconditional-helper.patch

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2016-06-22 22:25 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-06-22 22:25 Patch "netfilter: x_tables: don't reject valid target size on some architectures" has been added to the 3.14-stable tree gregkh

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).