netfilter: xt_recent: fix stack overread in compat code
Related-to: commit 325fb5b4d2
The compat path suffers from a similar problem. It only uses a __be32
when all of the recent code uses, and expects, an nf_inet_addr
everywhere. As a result, addresses stored by xt_recents were
filled with whatever other stuff was on the stack following the be32.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
With a minor compile fix from Roman.
Reported-and-tested-by: Roman Hoog Antink <rha@open.ch>
Signed-off-by: Patrick McHardy <kaber@trash.net>
This commit is contained in:
parent
71951b64a5
commit
37e55cf0ce
@ -474,7 +474,7 @@ static ssize_t recent_old_proc_write(struct file *file,
|
|||||||
struct recent_table *t = pde->data;
|
struct recent_table *t = pde->data;
|
||||||
struct recent_entry *e;
|
struct recent_entry *e;
|
||||||
char buf[sizeof("+255.255.255.255")], *c = buf;
|
char buf[sizeof("+255.255.255.255")], *c = buf;
|
||||||
__be32 addr;
|
union nf_inet_addr addr = {};
|
||||||
int add;
|
int add;
|
||||||
|
|
||||||
if (size > sizeof(buf))
|
if (size > sizeof(buf))
|
||||||
@ -506,14 +506,13 @@ static ssize_t recent_old_proc_write(struct file *file,
|
|||||||
add = 1;
|
add = 1;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
addr = in_aton(c);
|
addr.ip = in_aton(c);
|
||||||
|
|
||||||
spin_lock_bh(&recent_lock);
|
spin_lock_bh(&recent_lock);
|
||||||
e = recent_entry_lookup(t, (const void *)&addr, NFPROTO_IPV4, 0);
|
e = recent_entry_lookup(t, &addr, NFPROTO_IPV4, 0);
|
||||||
if (e == NULL) {
|
if (e == NULL) {
|
||||||
if (add)
|
if (add)
|
||||||
recent_entry_init(t, (const void *)&addr,
|
recent_entry_init(t, &addr, NFPROTO_IPV4, 0);
|
||||||
NFPROTO_IPV4, 0);
|
|
||||||
} else {
|
} else {
|
||||||
if (add)
|
if (add)
|
||||||
recent_entry_update(t, e);
|
recent_entry_update(t, e);
|
||||||
|
Loading…
Reference in New Issue
Block a user