moonjuice/kernel_arpi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
77a5baefe1be118fec7deefd9935e2bc0d4ec596
kernel_arpi/net/netfilter
History
Florian Westphal 5b380c56bb netfilter: nfnetlink_queue: fix OOB when mac header was cleared 
[ Upstream commit 5648b5e1169ff1d6d6a46c35c0b5fbebd2a5cbb2 ]

On 64bit platforms the MAC header is set to 0xffff on allocation and
also when a helper like skb_unset_mac_header() is called.

dev_parse_header may call skb_mac_header() which assumes valid mac offset:

 BUG: KASAN: use-after-free in eth_header_parse+0x75/0x90
 Read of size 6 at addr ffff8881075a5c05 by task nf-queue/1364
 Call Trace:
  memcpy+0x20/0x60
  eth_header_parse+0x75/0x90
  __nfqnl_enqueue_packet+0x1a61/0x3380
  __nf_queue+0x597/0x1300
  nf_queue+0xf/0x40
  nf_hook_slow+0xed/0x190
  nf_hook+0x184/0x440
  ip_output+0x1c0/0x2a0
  nf_reinject+0x26f/0x700
  nfqnl_recv_verdict+0xa16/0x18b0
  nfnetlink_rcv_msg+0x506/0xe70

The existing code only works if the skb has a mac header.

Fixes: 2c38de4c1f ("netfilter: fix looped (broad|multi)cast's MAC handling")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-11-18 19:17:02 +01:00
..
ipset
netfilter: ipset: Fix oversized kvmalloc() calls
2021-09-14 00:50:01 +02:00
ipvs
netfilter: ipvs: make global sysctl readonly in non-init netns
2021-10-14 23:08:35 +02:00
core.c
netfilter: add inet ingress support
2020-10-12 01:57:34 +02:00
Kconfig
netfilter: Kconfig: use 'default y' instead of 'm' for bool config option
2021-10-07 19:37:25 +02:00
Makefile
netfilter: add netfilter hooks to SRv6 data plane
2021-08-30 01:51:36 +02:00
nf_conncount.c
nf_conntrack_acct.c
netfilter: nf_conntrack_acct.c: A typo fix
2021-03-28 17:31:14 -07:00
nf_conntrack_amanda.c
nf_conntrack_broadcast.c
nf_conntrack_core.c
netfilter: conntrack: serialize hash resizes and cleanups
2021-09-21 03:46:56 +02:00
nf_conntrack_ecache.c
netfilter: ecache: remove nf_exp_event_notifier structure
2021-08-25 12:50:38 +02:00
nf_conntrack_expect.c
netfilter: conntrack: switch to siphash
2021-08-30 11:49:55 +02:00
nf_conntrack_extend.c
netfilter: conntrack: remove two export symbols
2019-12-17 22:59:31 +01:00
nf_conntrack_ftp.c
netfilter: remove BUG_ON() after skb_header_pointer()
2021-05-05 23:45:48 +02:00
nf_conntrack_h323_asn1.c
netfilter: Use fallthrough pseudo-keyword
2020-07-22 01:18:05 +02:00
nf_conntrack_h323_main.c
netfilter: fix clang-12 fmt string warnings
2021-06-01 23:53:51 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c
netfilter: nftables: add nf_ct_pernet() helper function
2021-06-07 12:23:37 +02:00
nf_conntrack_irc.c
netfilter: remove BUG_ON() after skb_header_pointer()
2021-05-05 23:45:48 +02:00
nf_conntrack_labels.c
netfilter: not mark a spinlock as __read_mostly
2019-08-27 18:07:03 +02:00
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
2021-09-03 16:20:37 -07:00
nf_conntrack_pptp.c
netfilter: remove BUG_ON() after skb_header_pointer()
2021-05-05 23:45:48 +02:00
nf_conntrack_proto_dccp.c
netfilter: conntrack: pass hook state to log functions
2021-06-18 14:47:43 +02:00
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c
netfilter: conntrack: nf_ct_gre_keymap_flush() removal
2021-07-02 02:07:01 +02:00
nf_conntrack_proto_icmp.c
netfilter: conntrack: pass hook state to log functions
2021-06-18 14:47:43 +02:00
nf_conntrack_proto_icmpv6.c
netfilter: conntrack: pass hook state to log functions
2021-06-18 14:47:43 +02:00
nf_conntrack_proto_sctp.c
netfilter: conntrack: pass hook state to log functions
2021-06-18 14:47:43 +02:00
nf_conntrack_proto_tcp.c
netfilter: conntrack: remove offload_pickup sysctl again
2021-08-06 17:07:41 +02:00
nf_conntrack_proto_udp.c
netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream state
2021-11-18 19:16:21 +01:00
nf_conntrack_proto.c
netfilter: conntrack: nf_ct_gre_keymap_flush() removal
2021-07-02 02:07:01 +02:00
nf_conntrack_sane.c
netfilter: remove BUG_ON() after skb_header_pointer()
2021-05-05 23:45:48 +02:00
nf_conntrack_seqadj.c
nf_conntrack_sip.c
nf_conntrack_snmp.c
nf_conntrack_standalone.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
2021-09-03 16:20:37 -07:00
nf_conntrack_tftp.c
nf_conntrack_timeout.c
netfilter: update include directives.
2019-09-13 12:33:06 +02:00
nf_conntrack_timestamp.c
nf_dup_netdev.c
netfilter: nf_fwd_netdev: clear timestamp in forwarding path
2020-10-22 14:49:36 +02:00
nf_flow_table_core.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2021-08-13 06:41:22 -07:00
nf_flow_table_inet.c
netfilter: Add MODULE_DESCRIPTION entries to kernel modules
2020-06-25 00:50:31 +02:00
nf_flow_table_ip.c
netfilter: flowtable: dst_check() from garbage collector path
2021-03-31 22:34:11 +02:00
nf_flow_table_offload.c
net: Fix offloading indirect devices dependency on qdisc order creation
2021-08-19 13:19:30 +01:00
nf_hooks_lwtunnel.c
netfilter: add netfilter hooks to SRv6 data plane
2021-08-30 01:51:36 +02:00
nf_internals.h
netfilter: ctnetlink: add kernel side filtering for dump
2020-05-27 22:20:34 +02:00
nf_log_syslog.c
netfilter: nf_log_syslog: Unset bridge logger in pernet exit
2021-04-26 03:20:47 +02:00
nf_log.c
netfilter: nft_log: perform module load from nf_tables
2021-03-31 22:34:11 +02:00
nf_nat_amanda.c
nf_nat_core.c
netfilter: nat: include zone id in nat table hash again
2021-09-21 03:46:55 +02:00
nf_nat_ftp.c
nf_nat_helper.c
nf_nat_irc.c
nf_nat_masquerade.c
netfilter: nf_nat_masquerade: defer conntrack walk to work queue
2021-09-21 03:46:56 +02:00
nf_nat_proto.c
netfilter: nat: move nf_xfrm_me_harder to where it is used
2021-04-26 03:20:07 +02:00
nf_nat_redirect.c
nf_nat_sip.c
nf_nat_tftp.c
nf_queue.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2021-08-11 10:22:26 +01:00
nf_sockopt.c
netfilter: switch nf_setsockopt to sockptr_t
2020-07-24 15:41:54 -07:00
nf_synproxy_core.c
netfilter: synproxy: Fix out of bounds when parsing TCP options
2021-06-10 14:26:18 -07:00
nf_tables_api.c
netfilter: nf_tables: honor NLM_F_CREATE and NLM_F_EXCL in event notification
2021-10-02 12:00:17 +02:00
nf_tables_core.c
netfilter: nf_tables: add last expression
2021-06-17 03:23:00 +02:00
nf_tables_offload.c
net: Fix offloading indirect devices dependency on qdisc order creation
2021-08-19 13:19:30 +01:00
nf_tables_trace.c
netfilter: nf_tables: add and use nft_thoff helper
2021-05-29 01:04:54 +02:00
nfnetlink_acct.c
netfilter: use nfnetlink_unicast()
2021-05-29 01:04:53 +02:00
nfnetlink_cthelper.c
Merge ra.kernel.org:/pub/scm/linux/kernel/git/netdev/net
2021-06-07 13:01:52 -07:00
nfnetlink_cttimeout.c
netfilter: use nfnetlink_unicast()
2021-05-29 01:04:53 +02:00
nfnetlink_hook.c
netfilter: nfnetlink_hook: translate inet ingress to netdev
2021-08-06 17:07:41 +02:00
nfnetlink_log.c
netfilter: nfnetlink: add struct nfgenmsg to struct nfnl_info and use it
2021-06-07 12:23:36 +02:00
nfnetlink_osf.c
netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check
2021-05-05 22:26:09 +02:00
nfnetlink_queue.c
netfilter: nfnetlink_queue: fix OOB when mac header was cleared
2021-11-18 19:17:02 +01:00
nfnetlink.c
netfilter: add new hook nfnl subsystem
2021-06-07 12:41:10 +02:00
nft_bitwise.c
netfilter: nftables: add nft_parse_register_store() and use it
2021-01-27 23:16:02 +01:00
nft_byteorder.c
netfilter: nftables: add nft_parse_register_store() and use it
2021-01-27 23:16:02 +01:00
nft_chain_filter.c
netfilter: nf_tables: skip netdev events generated on netns removal
2021-10-07 19:37:38 +02:00
nft_chain_nat.c
netfilter: nf_tables: remove unused arg in nft_set_pktinfo_unspec()
2021-05-29 01:04:54 +02:00
nft_chain_route.c
netfilter: nf_tables: remove unused arg in nft_set_pktinfo_unspec()
2021-05-29 01:04:54 +02:00
nft_cmp.c
netfilter: nftables_offload: VLAN id needs host byteorder in flow dissector
2021-04-18 22:02:21 +02:00
nft_compat.c
netfilter: log: work around missing softdep backend module
2021-09-21 03:46:56 +02:00
nft_connlimit.c
netfilter: Add MODULE_DESCRIPTION entries to kernel modules
2020-06-25 00:50:31 +02:00
nft_counter.c
netfilter: nftables: counter hardware offload support
2021-04-18 22:04:49 +02:00
nft_ct.c
netfilter: nft_ct: protect nft_ct_pcpu_template_refcnt with mutex
2021-08-11 11:22:19 +02:00
nft_dup_netdev.c
netfilter: nftables: add nft_parse_register_load() and use it
2021-01-27 22:53:29 +01:00
nft_dynset.c
netfilter: nft_dynset: relax superfluous check on set updates
2021-11-18 19:16:30 +01:00
nft_exthdr.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2021-06-29 15:45:27 -07:00
nft_fib_inet.c
netfilter: Add MODULE_DESCRIPTION entries to kernel modules
2020-06-25 00:50:31 +02:00
nft_fib_netdev.c
netfilter: Add MODULE_DESCRIPTION entries to kernel modules
2020-06-25 00:50:31 +02:00
nft_fib.c
netfilter: nftables: add nft_parse_register_store() and use it
2021-01-27 23:16:02 +01:00
nft_flow_offload.c
netfilter: nf_tables: add and use nft_thoff helper
2021-05-29 01:04:54 +02:00
nft_fwd_netdev.c
netfilter: nftables: add nft_parse_register_load() and use it
2021-01-27 22:53:29 +01:00
nft_hash.c
netfilter: nftables: add nft_parse_register_store() and use it
2021-01-27 23:16:02 +01:00
nft_immediate.c
netfilter: nftables: add nft_parse_register_store() and use it
2021-01-27 23:16:02 +01:00
nft_last.c
netfilter: nft_last: avoid possible false sharing
2021-07-23 14:18:02 +02:00
nft_limit.c
netfilter: nft_limit: avoid possible divide error in nft_limit_init
2021-04-10 21:15:35 +02:00
nft_log.c
netfilter: nft_log: perform module load from nf_tables
2021-03-31 22:34:11 +02:00
nft_lookup.c
netfilter: nf_tables: prefer direct calls for set lookups
2021-05-29 01:04:27 +02:00
nft_masq.c
netfilter: nftables: add nft_parse_register_load() and use it
2021-01-27 22:53:29 +01:00
nft_meta.c
netfilter: nftables: add nft_parse_register_store() and use it
2021-01-27 23:16:02 +01:00
nft_nat.c
netfilter: nft_nat: allow to specify layer 4 protocol NAT only
2021-07-23 14:18:03 +02:00
nft_numgen.c
netfilter: nftables: add nft_parse_register_store() and use it
2021-01-27 23:16:02 +01:00
nft_objref.c
netfilter: add and use nft_set_do_lookup helper
2021-05-28 21:11:41 +02:00
nft_osf.c
netfilter: nft_osf: check for TCP packet before further processing
2021-06-16 20:51:50 +02:00
nft_payload.c
netfilter: nf_tables: add and use nft_thoff helper
2021-05-29 01:04:54 +02:00
nft_queue.c
netfilter: nftables: add nft_parse_register_load() and use it
2021-01-27 22:53:29 +01:00
nft_quota.c
netfilter: nf_tables: honor NLM_F_CREATE and NLM_F_EXCL in event notification
2021-10-02 12:00:17 +02:00
nft_range.c
netfilter: nftables: add nft_parse_register_load() and use it
2021-01-27 22:53:29 +01:00
nft_redir.c
netfilter: nftables: add nft_parse_register_load() and use it
2021-01-27 22:53:29 +01:00
nft_reject_inet.c
netfilter: nf_tables: add and use nft_sk helper
2021-05-29 01:04:53 +02:00
nft_reject_netdev.c
netfilter: nft_reject: add reject verdict support for netdev
2020-10-31 10:41:00 +01:00
nft_reject.c
netfilter: nft_reject: unify reject init and dump into nft_reject
2020-10-31 10:40:42 +01:00
nft_rt.c
netfilter: nftables: add nft_parse_register_store() and use it
2021-01-27 23:16:02 +01:00
nft_set_bitmap.c
netfilter: nf_tables: prefer direct calls for set lookups
2021-05-29 01:04:27 +02:00
nft_set_hash.c
netfilter: nf_tables: prefer direct calls for set lookups
2021-05-29 01:04:27 +02:00
nft_set_pipapo_avx2.c
netfilter: nft_set_pipapo_avx2: fix up description warnings
2021-06-01 23:53:51 +02:00
nft_set_pipapo_avx2.h
netfilter: nf_tables: prefer direct calls for set lookups
2021-05-29 01:04:27 +02:00
nft_set_pipapo.c
netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version
2021-05-14 01:42:52 +02:00
nft_set_pipapo.h
netfilter: nf_tables: prefer direct calls for set lookups
2021-05-29 01:04:27 +02:00
nft_set_rbtree.c
netfilter: nf_tables: prefer direct calls for set lookups
2021-05-29 01:04:27 +02:00
nft_socket.c
netfilter: nft_socket: fix build with CONFIG_SOCK_CGROUP_DATA=n
2021-04-27 22:34:05 +02:00
nft_synproxy.c
netfilter: nf_tables: add and use nft_thoff helper
2021-05-29 01:04:54 +02:00
nft_tproxy.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2021-06-29 15:45:27 -07:00
nft_tunnel.c
netfilter: nftables: add nft_parse_register_store() and use it
2021-01-27 23:16:02 +01:00
nft_xfrm.c
netfilter: nftables: add nft_parse_register_store() and use it
2021-01-27 23:16:02 +01:00
utils.c
netfilter: use actual socket sk rather than skb sk when routing harder
2020-10-30 12:57:39 +01:00
x_tables.c
netfilter: x_tables: never register tables by default
2021-08-09 10:22:01 +02:00
xt_addrtype.c
xt_AUDIT.c
netfilter: fix clang-12 fmt string warnings
2021-06-01 23:53:51 +02:00
xt_bpf.c
bpf: Refactor BPF_PROG_RUN into a function
2021-08-17 00:45:07 +02:00
xt_cgroup.c
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_cluster.c
xt_comment.c
xt_connbytes.c
xt_connlabel.c
xt_connlimit.c
netfilter: update include directives.
2019-09-13 12:33:06 +02:00
xt_connmark.c
netfilter: Replace HTTP links with HTTPS ones
2020-07-29 20:09:18 +02:00
xt_CONNSECMARK.c
netfilter: Replace HTTP links with HTTPS ones
2020-07-29 20:09:18 +02:00
xt_conntrack.c
xt_cpu.c
xt_CT.c
netfilter: remove xt pernet data
2021-08-01 12:00:51 +02:00
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_DSCP.c
xt_ecn.c
xt_esp.c
xt_hashlimit.c
netfilter: Replace zero-length array with flexible-array member
2020-03-15 15:20:16 +01:00
xt_helper.c
xt_hl.c
xt_HL.c
xt_HMARK.c
netfilter: xt_HMARK: Use ip_is_fragment() helper
2020-08-28 19:55:51 +02:00
xt_IDLETIMER.c
netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value
2021-10-07 19:35:57 +02:00
xt_ipcomp.c
xt_iprange.c
xt_ipvs.c
xt_l2tp.c
xt_LED.c
xt_length.c
xt_limit.c
netfilter: x_tables: improve limit_mt scalability
2021-05-29 01:04:52 +02:00
xt_LOG.c
netfilter: log: work around missing softdep backend module
2021-09-21 03:46:56 +02:00
xt_mac.c
xt_mark.c
xt_MASQUERADE.c
xt_multiport.c
xt_nat.c
netfilter: Add MODULE_DESCRIPTION entries to kernel modules
2020-06-25 00:50:31 +02:00
xt_NETMAP.c
xt_nfacct.c
netfilter: Remove unnecessary conversion to bool
2020-12-01 09:45:29 +01:00
xt_NFLOG.c
netfilter: log: work around missing softdep backend module
2021-09-21 03:46:56 +02:00
xt_NFQUEUE.c
xt_osf.c
xt_owner.c
xt_physdev.c
netfilter: inline xt_hashlimit, ebt_802_3 and xt_physdev headers
2019-09-13 12:32:48 +02:00
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
xt_RATEEST.c
netfilter: xt_RATEEST: reject non-null terminated string from userspace
2020-12-27 11:52:26 +01:00
xt_realm.c
xt_recent.c
netfilter: xt_recent: Fix attempt to update deleted entry
2021-02-04 00:33:08 +01:00
xt_REDIRECT.c
xt_repldata.h
xt_sctp.c
xt_SECMARK.c
netfilter: xt_SECMARK: add new revision to fix structure layout
2021-05-03 23:02:44 +02:00
xt_set.c
netfilter: inline four headers files into another one.
2019-08-13 12:14:26 +02:00
xt_socket.c
netfilter: disable defrag once its no longer needed
2021-04-26 03:20:07 +02:00
xt_state.c
xt_statistic.c
xt_string.c
xt_tcpmss.c
xt_TCPMSS.c
xt_TCPOPTSTRIP.c
xt_tcpudp.c
xt_TEE.c
xt_time.c
netfilter: Replace HTTP links with HTTPS ones
2020-07-29 20:09:18 +02:00
xt_TPROXY.c
netfilter: disable defrag once its no longer needed
2021-04-26 03:20:07 +02:00
xt_TRACE.c
netfilter: nf_log: add module softdeps
2021-03-31 22:34:10 +02:00
xt_u32.c