diff options
author | Florian Westphal <fw@strlen.de> | 2016-04-01 14:17:25 +0200 |
---|---|---|
committer | Sasha Levin <sasha.levin@oracle.com> | 2016-07-10 23:07:33 -0400 |
commit | aae91919c9d6d1aa6d6390826979e6d2c89a7ba4 (patch) | |
tree | 5259b25232a0c8fa6100d981f9b049e71b73f7c0 | |
parent | 801cd32774d12dccfcfc0c22b0b26d84ed995c6f (diff) |
netfilter: x_tables: assert minimum target size
[ Upstream commit a08e4e190b866579896c09af59b3bdca821da2cd ]
The target size includes the size of the xt_entry_target struct.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
-rw-r--r-- | net/netfilter/x_tables.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index b631357686ce..ce9f7b3dbd12 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c @@ -570,6 +570,9 @@ int xt_check_entry_offsets(const void *base, return -EINVAL; t = (void *)(e + target_offset); + if (t->u.target_size < sizeof(*t)) + return -EINVAL; + if (target_offset + t->u.target_size > next_offset) return -EINVAL; |