authorFlorian Westphal <fw@strlen.de>2016-04-01 14:17:25 +0200
committerSasha Levin <sasha.levin@oracle.com>2016-07-10 23:07:33 -0400
commitaae91919c9d6d1aa6d6390826979e6d2c89a7ba4 (patch)
tree5259b25232a0c8fa6100d981f9b049e71b73f7c0
parent801cd32774d12dccfcfc0c22b0b26d84ed995c6f (diff)
netfilter: x_tables: assert minimum target size
[ Upstream commit a08e4e190b866579896c09af59b3bdca821da2cd ] The target size includes the size of the xt_entry_target struct. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
-rw-r--r--net/netfilter/x_tables.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index b631357686ce..ce9f7b3dbd12 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -570,6 +570,9 @@ int xt_check_entry_offsets(const void *base,
return -EINVAL;
t = (void *)(e + target_offset);
+ if (t->u.target_size < sizeof(*t))
+ return -EINVAL;
+
if (target_offset + t->u.target_size > next_offset)
return -EINVAL;
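Review bot: The new minimum-size check has no comment saying why a `target_size` below `sizeof(*t)` is invalid; the reason exists only in the commit message. I would put it above the `if`, for example `/* target_size includes the xt_entry_target header itself, so a smaller value is malformed */`, so that nobody later drops the check as redundant with the upper-bound test that follows. The read of `t->u.target_size` is safe only if the `return -EINVAL` above the hunk has already confirmed that `target_offset + sizeof(*t)` fits within `next_offset`. That guard is not visible here and should be confirmed in this backport. The body of `xt_check_entry_offsets` starts and ends outside the hunk.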