Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

netfilter: x_tables: ensure names are nul-terminated

Reject names that lack a \0 character before feeding them
to functions that expect c-strings.

Fixes tag is the most recent commit that needs this change.

Fixes: c38c4597e4bf ("netfilter: implement xt_cgroup cgroup2 path match")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by Florian Westphal and committed by Pablo Neira Ayuso
a958a4f9 6d52a4a0

+11
+6
net/netfilter/xt_cgroup.c
··· 65 65 66 66 info->priv = NULL; 67 67 if (info->has_path) { 68 + if (strnlen(info->path, sizeof(info->path)) >= sizeof(info->path)) 69 + return -ENAMETOOLONG; 70 + 68 71 cgrp = cgroup_get_from_path(info->path); 69 72 if (IS_ERR(cgrp)) { 70 73 pr_info_ratelimited("invalid path, errno=%ld\n", ··· 105 102 106 103 info->priv = NULL; 107 104 if (info->has_path) { 105 + if (strnlen(info->path, sizeof(info->path)) >= sizeof(info->path)) 106 + return -ENAMETOOLONG; 107 + 108 108 cgrp = cgroup_get_from_path(info->path); 109 109 if (IS_ERR(cgrp)) { 110 110 pr_info_ratelimited("invalid path, errno=%ld\n",
+5
net/netfilter/xt_rateest.c
··· 91 91 goto err1; 92 92 } 93 93 94 + if (strnlen(info->name1, sizeof(info->name1)) >= sizeof(info->name1)) 95 + return -ENAMETOOLONG; 96 + if (strnlen(info->name2, sizeof(info->name2)) >= sizeof(info->name2)) 97 + return -ENAMETOOLONG; 98 + 94 99 ret = -ENOENT; 95 100 est1 = xt_rateest_lookup(par->net, info->name1); 96 101 if (!est1)
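
Review bot: in the first net/netfilter/xt_cgroup.c hunk, the new `return -ENAMETOOLONG` ahead of `cgroup_get_from_path(info->path)` fails silently, while the invalid-path branch directly below it reports through `pr_info_ratelimited("invalid path, errno=%ld\n", ...)`. A rule rejected for a missing terminator leaves nothing in the log to explain the failure. Consider a matching ratelimited message on this path, or say in the commit message that the silence is deliberate.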
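
Review bot: the second net/netfilter/xt_cgroup.c hunk repeats the `strnlen(info->path, sizeof(info->path)) >= sizeof(info->path)` test from the first hunk verbatim, again inside `if (info->has_path)`. Two copies of the same bounds test can drift apart, so a small shared helper would keep both call sites identical. Such a helper should take the buffer size as an argument, because `sizeof(info->path)` only yields the array size where `info->path` is still an array and not a pointer parameter.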
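
Review bot: in the net/netfilter/xt_rateest.c hunk, the two new checks leave with a bare `return -ENAMETOOLONG` while the context line just above them exits through `goto err1`. The direct return looks safe where it sits, before `xt_rateest_lookup(par->net, info->name1)`, but mixing exit styles makes it easy to skip cleanup if the checks are ever moved below a lookup; setting `ret = -ENAMETOOLONG` and using `goto err1` would match the surrounding code. `info->name2` is also validated unconditionally. If the part of the function not shown here reads `name2` only in some modes, a short comment stating that the stricter check is intended would help.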