Re: [PATCH v2 1/1] netfilter: nat: add a range check for l3/l4 protonum

[PATCH 0/1] Netfilter OOB memory access security patch · Will McVicker <hidden> · 2020-07-27
[PATCH 1/1] netfilter: nat: add range checks for access to nf_nat_l[34]protos[] · Will McVicker <hidden> · 2020-07-27
Re: [PATCH 1/1] netfilter: nat: add range checks for access to nf_nat_l[34]protos[] · Pablo Neira Ayuso <pablo@netfilter.org> · 2020-07-29
Re: [PATCH 1/1] netfilter: nat: add range checks for access to nf_nat_l[34]protos[] · William Mcvicker <hidden> · 2020-07-31
Re: [PATCH 1/1] netfilter: nat: add range checks for access to nf_nat_l[34]protos[] · Pablo Neira Ayuso <pablo@netfilter.org> · 2020-07-31
Re: [PATCH 1/1] netfilter: nat: add range checks for access to nf_nat_l[34]protos[] · William Mcvicker <hidden> · 2020-07-31
Re: [PATCH v2 1/1] netfilter: nat: add a range check for l3/l4 protonum · William Mcvicker <hidden> · 2020-08-03
Re: [PATCH v2 1/1] netfilter: nat: add a range check for l3/l4 protonum · Pablo Neira Ayuso <pablo@netfilter.org> · 2020-08-04
[PATCH v3 0/1] netfilter: nat: add a range check for l3/l4 protonum · Will McVicker <hidden> · 2020-08-24
[PATCH v3 1/1] netfilter: nat: add a range check for l3/l4 protonum · Will McVicker <hidden> · 2020-08-24
Re: [PATCH v3 1/1] netfilter: nat: add a range check for l3/l4 protonum · Pablo Neira Ayuso <pablo@netfilter.org> · 2020-08-28
Re: [PATCH v3 1/1] netfilter: nat: add a range check for l3/l4 protonum · Florian Westphal <fw@strlen.de> · 2020-08-28
Re: [PATCH v3 1/1] netfilter: nat: add a range check for l3/l4 protonum · Pablo Neira Ayuso <pablo@netfilter.org> · 2020-08-28
Re: [PATCH v2 1/1] netfilter: nat: add a range check for l3/l4 protonum · Will Deacon <will@kernel.org> · 2020-09-01
Re: [PATCH v2 1/1] netfilter: nat: add a range check for l3/l4 protonum · William Mcvicker <hidden> · 2020-09-01

From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: 2020-08-04 11:37:21
Also in: lkml, netfilter-devel, stable

Hi,

This patch is much smaller and if you confirm this is address the
issue, then this is awesome.

On Mon, Aug 03, 2020 at 06:31:56PM +0000, William Mcvicker wrote:
[...]

quoted hunk ↗ jump to hunk

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 31fa94064a62..56d310f8b29a 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c

@@ -1129,6 +1129,8 @@ ctnetlink_parse_tuple(const struct nlattr * const cda[],
 	if (!tb[CTA_TUPLE_IP])
 		return -EINVAL;
 
+	if (l3num >= NFPROTO_NUMPROTO)
+		return -EINVAL;

l3num can only be either NFPROTO_IPV4 or NFPROTO_IPV6.

Other than that, bail out with EOPNOTSUPP.

Thank you.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help