Re: [PATCH] netfilter: fix pointer leaks to userspace

From: Pablo Neira Ayuso
Date: Wed Jan 31 2018 - 08:58:47 EST

Next message: Pablo Neira Ayuso: "Re: [PATCH] netfilter: fix out-of-bounds accesses in clusterip_tg_check()"
Previous message: Hanjun Guo: "Re: [PATCH v2 16/16] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support"
In reply to: Dmitry Vyukov: "[PATCH] netfilter: fix pointer leaks to userspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jan 29, 2018 at 01:21:20PM +0100, Dmitry Vyukov wrote:
> Several netfilter matches and targets put kernel pointers into
> info objects, but don't set usersize in descriptors.
> This leads to kernel pointer leaks if a match/target is set
> and then read back to userspace.
>
> Properly set usersize for these matches/targets.
>
> Found with manual code inspection.

Applied, thanks!

I think this fixes:

ec2318904965 xtables: extend matches and targets with .usersize

So I'm going to add the Fixes: tag here, no problem.

Next message: Pablo Neira Ayuso: "Re: [PATCH] netfilter: fix out-of-bounds accesses in clusterip_tg_check()"
Previous message: Hanjun Guo: "Re: [PATCH v2 16/16] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support"
In reply to: Dmitry Vyukov: "[PATCH] netfilter: fix pointer leaks to userspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]