Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / e27bf5d572b5d9a71d911d94dcd0993026d47486
commite27bf5d572b5d9a71d911d94dcd0993026d47486[log] [tgz]
authorFlorian Westphal <fw@strlen.de>Tue Dec 22 23:23:56 2020 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Tue Jan 12 19:49:05 2021 +0100
tree48143f51a60d54368b033c84331b1f4db76e8374
parent0a4feb89b0acfb5ca53cc494204f0aaf22fed7bd [diff]
netfilter: xt_RATEEST: reject non-null terminated string from userspace

commit 6cb56218ad9e580e519dcd23bfb3db08d8692e5a upstream.

syzbot reports:
detected buffer overflow in strlen
[..]
Call Trace:
 strlen include/linux/string.h:325 [inline]
 strlcpy include/linux/string.h:348 [inline]
 xt_rateest_tg_checkentry+0x2a5/0x6b0 net/netfilter/xt_RATEEST.c:143

strlcpy assumes src is a c-string. Check info->name before its used.

Reported-by: syzbot+e86f7c428c8c50db65b4@syzkaller.appspotmail.com
Fixes: 5859034d7eb8793 ("[NETFILTER]: x_tables: add RATEEST target")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: 48143f51a60d54368b033c84331b1f4db76e8374
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS