Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 1e98ffea5a8935ec040ab72299e349cb44b8defd
commit1e98ffea5a8935ec040ab72299e349cb44b8defd[log] [tgz]
authorDmitry Vyukov <dvyukov@google.com>Mon Jan 29 13:21:20 2018 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>Wed Jan 31 14:59:24 2018 +0100
tree512f7e462d332f478c0e3459ca1794abc0c32a9d
parent0b8d9073539e217f79ec1bff65eb205ac796723d [diff]
netfilter: x_tables: fix pointer leaks to userspace

Several netfilter matches and targets put kernel pointers into
info objects, but don't set usersize in descriptors.
This leads to kernel pointer leaks if a match/target is set
and then read back to userspace.

Properly set usersize for these matches/targets.

Found with manual code inspection.

Fixes: ec2318904965 ("xtables: extend matches and targets with .usersize")
Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
5 files changed
tree: 512f7e462d332f478c0e3459ca1794abc0c32a9d
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README