linux/net/ipv4/netfilter
Dave Jones 1086bbe97a netfilter: ensure number of counters is >0 in do_replace()
After improving setsockopt() coverage in trinity, I started triggering
vmalloc failures pretty reliably from this code path:

warn_alloc_failed+0xe9/0x140
__vmalloc_node_range+0x1be/0x270
vzalloc+0x4b/0x50
__do_replace+0x52/0x260 [ip_tables]
do_ipt_set_ctl+0x15d/0x1d0 [ip_tables]
nf_setsockopt+0x65/0x90
ip_setsockopt+0x61/0xa0
raw_setsockopt+0x16/0x60
sock_common_setsockopt+0x14/0x20
SyS_setsockopt+0x71/0xd0

It turns out we don't validate that the num_counters field in the
struct we pass in from userspace is initialized.

The same problem also exists in ebtables, arptables, ipv6, and the
compat variants.

Signed-off-by: Dave Jones <davej@codemonkey.org.uk>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-05-20 13:46:49 +02:00
..
Kconfig netfilter: nf_tables: consolidate Kconfig options 2015-03-06 01:21:15 +01:00
Makefile netfilter: combine IPv4 and IPv6 nf_nat_redirect code in one module 2014-11-27 13:08:42 +01:00
arp_tables.c netfilter: ensure number of counters is >0 in do_replace() 2015-05-20 13:46:49 +02:00
arpt_mangle.c netfilter: arpt_mangle: fix return values of checkentry 2011-02-01 16:03:46 +01:00
arptable_filter.c netfilter: Pass nf_hook_state through arpt_do_table(). 2015-04-04 13:26:52 -04:00
ip_tables.c netfilter: ensure number of counters is >0 in do_replace() 2015-05-20 13:46:49 +02:00
ipt_CLUSTERIP.c netfilter: Make nf_hookfn use nf_hook_state. 2015-04-04 12:31:38 -04:00
ipt_ECN.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
ipt_MASQUERADE.c netfilter: nf_nat: generalize IPv4 masquerading support for nf_tables 2014-09-09 16:31:29 +02:00
ipt_REJECT.c netfilter: reject: don't send icmp error if csum is invalid 2015-03-03 02:10:35 +01:00
ipt_SYNPROXY.c netfilter: Make nf_hookfn use nf_hook_state. 2015-04-04 12:31:38 -04:00
ipt_ah.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ipt_rpfilter.c ipv4, fib: pass LOOPBACK_IFINDEX instead of 0 to flowi4_iif 2014-04-16 15:05:11 -04:00
iptable_filter.c netfilter: Pass nf_hook_state through ipt_do_table(). 2015-04-04 12:47:04 -04:00
iptable_mangle.c netfilter: Pass nf_hook_state through ipt_do_table(). 2015-04-04 12:47:04 -04:00
iptable_nat.c netfilter: Pass nf_hook_state through ipt_do_table(). 2015-04-04 12:47:04 -04:00
iptable_raw.c netfilter: Pass nf_hook_state through ipt_do_table(). 2015-04-04 12:47:04 -04:00
iptable_security.c netfilter: Pass nf_hook_state through ipt_do_table(). 2015-04-04 12:47:04 -04:00
nf_conntrack_l3proto_ipv4.c netfilter: Make nf_hookfn use nf_hook_state. 2015-04-04 12:31:38 -04:00
nf_conntrack_l3proto_ipv4_compat.c netfilter: Remove uses of seq_<foo> return values 2015-03-18 10:51:35 +01:00
nf_conntrack_proto_icmp.c netfilter: Convert print_tuple functions to return void 2014-11-05 14:10:33 -05:00
nf_defrag_ipv4.c netfilter: Make nf_hookfn use nf_hook_state. 2015-04-04 12:31:38 -04:00
nf_log_arp.c netfilter: Use LOGLEVEL_<FOO> defines 2015-03-25 12:09:39 +01:00
nf_log_ipv4.c netfilter: Use LOGLEVEL_<FOO> defines 2015-03-25 12:09:39 +01:00
nf_nat_h323.c netfilter: nf_nat_h323: fix crash in nf_ct_unlink_expect_report() 2014-02-05 17:46:05 +01:00
nf_nat_l3proto_ipv4.c netfilter: Pass nf_hook_state through nf_nat_ipv4_{in,out,fn,local_fn}(). 2015-04-04 12:45:19 -04:00
nf_nat_masquerade_ipv4.c netfilter: nf_nat: generalize IPv4 masquerading support for nf_tables 2014-09-09 16:31:29 +02:00
nf_nat_pptp.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_nat_proto_gre.c netfilter: use IS_ENABLED() macro 2014-06-30 11:38:03 +02:00
nf_nat_proto_icmp.c netfilter: use IS_ENABLED() macro 2014-06-30 11:38:03 +02:00
nf_nat_snmp_basic.c netfilter: nf_nat_snmp_basic: fix duplicates in if/else branches 2014-02-14 11:37:36 +01:00
nf_reject_ipv4.c netfilter: bridge: add helpers for fetching physin/outdev 2015-04-08 16:49:08 +02:00
nf_tables_arp.c netfilter: Pass nf_hook_state through nft_set_pktinfo*(). 2015-04-04 12:54:27 -04:00
nf_tables_ipv4.c netfilter: Pass nf_hook_state through nft_set_pktinfo*(). 2015-04-04 12:54:27 -04:00
nft_chain_nat_ipv4.c netfilter: Pass nf_hook_state through nft_set_pktinfo*(). 2015-04-04 12:54:27 -04:00
nft_chain_route_ipv4.c netfilter: Pass nf_hook_state through nft_set_pktinfo*(). 2015-04-04 12:54:27 -04:00
nft_masq_ipv4.c netfilter: nf_tables: get rid of NFT_REG_VERDICT usage 2015-04-13 17:17:07 +02:00
nft_redir_ipv4.c netfilter: nf_tables: switch registers to 32 bit addressing 2015-04-13 17:17:29 +02:00
nft_reject_ipv4.c netfilter: nf_tables: get rid of NFT_REG_VERDICT usage 2015-04-13 17:17:07 +02:00