Re: [PATCH v2 1/1] netfilter: nat: add a range check for l3/l4 protonum

[PATCH 0/1] Netfilter OOB memory access security patch · Will McVicker <hidden> · 2020-07-27
[PATCH 1/1] netfilter: nat: add range checks for access to nf_nat_l[34]protos[] · Will McVicker <hidden> · 2020-07-27
Re: [PATCH 1/1] netfilter: nat: add range checks for access to nf_nat_l[34]protos[] · Pablo Neira Ayuso <pablo@netfilter.org> · 2020-07-29
Re: [PATCH 1/1] netfilter: nat: add range checks for access to nf_nat_l[34]protos[] · William Mcvicker <hidden> · 2020-07-31
Re: [PATCH 1/1] netfilter: nat: add range checks for access to nf_nat_l[34]protos[] · Pablo Neira Ayuso <pablo@netfilter.org> · 2020-07-31
Re: [PATCH 1/1] netfilter: nat: add range checks for access to nf_nat_l[34]protos[] · William Mcvicker <hidden> · 2020-07-31
Re: [PATCH v2 1/1] netfilter: nat: add a range check for l3/l4 protonum · William Mcvicker <hidden> · 2020-08-03
Re: [PATCH v2 1/1] netfilter: nat: add a range check for l3/l4 protonum · Pablo Neira Ayuso <pablo@netfilter.org> · 2020-08-04
[PATCH v3 0/1] netfilter: nat: add a range check for l3/l4 protonum · Will McVicker <hidden> · 2020-08-24
[PATCH v3 1/1] netfilter: nat: add a range check for l3/l4 protonum · Will McVicker <hidden> · 2020-08-24
Re: [PATCH v3 1/1] netfilter: nat: add a range check for l3/l4 protonum · Pablo Neira Ayuso <pablo@netfilter.org> · 2020-08-28
Re: [PATCH v3 1/1] netfilter: nat: add a range check for l3/l4 protonum · Florian Westphal <fw@strlen.de> · 2020-08-28
Re: [PATCH v3 1/1] netfilter: nat: add a range check for l3/l4 protonum · Pablo Neira Ayuso <pablo@netfilter.org> · 2020-08-28
Re: [PATCH v2 1/1] netfilter: nat: add a range check for l3/l4 protonum · Will Deacon <will@kernel.org> · 2020-09-01
Re: [PATCH v2 1/1] netfilter: nat: add a range check for l3/l4 protonum · William Mcvicker <hidden> · 2020-09-01

From: William Mcvicker <hidden>
Date: 2020-09-01 17:29:49
Also in: lkml, netfilter-devel, stable

Hi Will,

Pablo is going to add the latest patch to the nf.git tree. Once that
happens, I'm going to propose the patch in nf.git get cherry-picked to
the -stable branches.

Thanks,
Will


On Tue, Sep 1, 2020 at 8:36 AM Will Deacon [off-list ref] wrote:

Hi Will, Pablo,

On Tue, Aug 04, 2020 at 01:37:11PM +0200, Pablo Neira Ayuso wrote:

quoted

This patch is much smaller and if you confirm this is address the
issue, then this is awesome.

Did that ever get confirmed? AFAICT, nothing ended up landing in the stable
trees for this.

Cheers,

Will

quoted

On Mon, Aug 03, 2020 at 06:31:56PM +0000, William Mcvicker wrote:
[...]

quoted

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 31fa94064a62..56d310f8b29a 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c

@@ -1129,6 +1129,8 @@ ctnetlink_parse_tuple(const struct nlattr * const cda[],
    if (!tb[CTA_TUPLE_IP])
            return -EINVAL;

+   if (l3num >= NFPROTO_NUMPROTO)
+           return -EINVAL;

l3num can only be either NFPROTO_IPV4 or NFPROTO_IPV6.

Other than that, bail out with EOPNOTSUPP.

Thank you.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help