projects / wrapfs-4.14.y.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6a401cf) | patch
netfilter: x_tables: make sure e->next_offset covers remaining blob size
authorFlorian Westphal <fw@strlen.de>
Tue, 22 Mar 2016 17:02:50 +0000 (18:02 +0100)
committerSasha Levin <sasha.levin@oracle.com>
Tue, 12 Jul 2016 12:48:28 +0000 (08:48 -0400)
commit66b7376b20058801e027cc269090e555433383ac
treeff0f5c6a76225a2c37216169ce24f26cbea05ff6tree | snapshot
parent6a401cf3a41e2248469b1fdcee629445e824ca5bcommit | diff
netfilter: x_tables: make sure e->next_offset covers remaining blob size

[ Upstream commit 6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91 ]

Otherwise this function may read data beyond the ruleset blob.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
net/ipv4/netfilter/arp_tables.c diff | blob | history
net/ipv4/netfilter/ip_tables.c diff | blob | history
net/ipv6/netfilter/ip6_tables.c diff | blob | history
wrapfs-4.14.y