iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

netfilter: x_tables: check name length in find_match/target, too

Browse Source 
ebtables uses find_match() rather than find_request_match in one case
(see bcf4934288402be3464110109a4dae3bd6fb3e93,
 "netfilter: ebtables: Fix extension lookup with identical name"), so
 extend the check on name length to those functions too.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Florian Westphal 2018-04-25 13:38:47 +02:00 committed by Pablo Neira Ayuso
parent 72d4d3e398
commit dceb48d86b
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
net/netfilter/x_tables.c
View File

@ -183,6 +183,9 @@ struct xt_match *xt_find_match(u8 af, const char *name, u8 revision)
struct xt_match *m; struct xt_match *m;
int err = -ENOENT; int err = -ENOENT;
if (strnlen(name, XT_EXTENSION_MAXNAMELEN) == XT_EXTENSION_MAXNAMELEN)
return ERR_PTR(-EINVAL);
mutex_lock(&xt[af].mutex); mutex_lock(&xt[af].mutex);
list_for_each_entry(m, &xt[af].match, list) { list_for_each_entry(m, &xt[af].match, list) {
if (strcmp(m->name, name) == 0) { if (strcmp(m->name, name) == 0) {
@ -229,6 +232,9 @@ struct xt_target *xt_find_target(u8 af, const char *name, u8 revision)
struct xt_target *t; struct xt_target *t;
int err = -ENOENT; int err = -ENOENT;
if (strnlen(name, XT_EXTENSION_MAXNAMELEN) == XT_EXTENSION_MAXNAMELEN)
return ERR_PTR(-EINVAL);
mutex_lock(&xt[af].mutex); mutex_lock(&xt[af].mutex);
list_for_each_entry(t, &xt[af].target, list) { list_for_each_entry(t, &xt[af].target, list) {
if (strcmp(t->name, name) == 0) { if (strcmp(t->name, name) == 0) {