Re: [PATCH v2 1/1] netfilter: nat: add a range check for l3/l4 protonum

[PATCH 0/1] Netfilter OOB memory access security patch · Will McVicker <hidden> · 2020-07-27
[PATCH 1/1] netfilter: nat: add range checks for access to nf_nat_l[34]protos[] · Will McVicker <hidden> · 2020-07-27
Re: [PATCH 1/1] netfilter: nat: add range checks for access to nf_nat_l[34]protos[] · Pablo Neira Ayuso <pablo@netfilter.org> · 2020-07-29
Re: [PATCH 1/1] netfilter: nat: add range checks for access to nf_nat_l[34]protos[] · William Mcvicker <hidden> · 2020-07-31
Re: [PATCH 1/1] netfilter: nat: add range checks for access to nf_nat_l[34]protos[] · Pablo Neira Ayuso <pablo@netfilter.org> · 2020-07-31
Re: [PATCH 1/1] netfilter: nat: add range checks for access to nf_nat_l[34]protos[] · William Mcvicker <hidden> · 2020-07-31
Re: [PATCH v2 1/1] netfilter: nat: add a range check for l3/l4 protonum · William Mcvicker <hidden> · 2020-08-03
Re: [PATCH v2 1/1] netfilter: nat: add a range check for l3/l4 protonum · Pablo Neira Ayuso <pablo@netfilter.org> · 2020-08-04
[PATCH v3 0/1] netfilter: nat: add a range check for l3/l4 protonum · Will McVicker <hidden> · 2020-08-24
[PATCH v3 1/1] netfilter: nat: add a range check for l3/l4 protonum · Will McVicker <hidden> · 2020-08-24
Re: [PATCH v3 1/1] netfilter: nat: add a range check for l3/l4 protonum · Pablo Neira Ayuso <pablo@netfilter.org> · 2020-08-28
Re: [PATCH v3 1/1] netfilter: nat: add a range check for l3/l4 protonum · Florian Westphal <fw@strlen.de> · 2020-08-28
Re: [PATCH v3 1/1] netfilter: nat: add a range check for l3/l4 protonum · Pablo Neira Ayuso <pablo@netfilter.org> · 2020-08-28
Re: [PATCH v2 1/1] netfilter: nat: add a range check for l3/l4 protonum · Will Deacon <will@kernel.org> · 2020-09-01
Re: [PATCH v2 1/1] netfilter: nat: add a range check for l3/l4 protonum · William Mcvicker <hidden> · 2020-09-01

From: Will Deacon <will@kernel.org>
Date: 2020-09-01 16:13:34
Also in: lkml, netfilter-devel, stable

Hi Will, Pablo,

On Tue, Aug 04, 2020 at 01:37:11PM +0200, Pablo Neira Ayuso wrote:

This patch is much smaller and if you confirm this is address the
issue, then this is awesome.

Did that ever get confirmed? AFAICT, nothing ended up landing in the stable
trees for this.

Cheers,

Will

On Mon, Aug 03, 2020 at 06:31:56PM +0000, William Mcvicker wrote:
[...]

quoted

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 31fa94064a62..56d310f8b29a 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c

@@ -1129,6 +1129,8 @@ ctnetlink_parse_tuple(const struct nlattr * const cda[],
 	if (!tb[CTA_TUPLE_IP])
 		return -EINVAL;
 
+	if (l3num >= NFPROTO_NUMPROTO)
+		return -EINVAL;

l3num can only be either NFPROTO_IPV4 or NFPROTO_IPV6.

Other than that, bail out with EOPNOTSUPP.

Thank you.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help