Dave Jones 1086bbe97a netfilter: ensure number of counters is >0 in do_replace() ...

After improving setsockopt() coverage in trinity, I started triggering
vmalloc failures pretty reliably from this code path:

warn_alloc_failed+0xe9/0x140
__vmalloc_node_range+0x1be/0x270
vzalloc+0x4b/0x50
__do_replace+0x52/0x260 [ip_tables]
do_ipt_set_ctl+0x15d/0x1d0 [ip_tables]
nf_setsockopt+0x65/0x90
ip_setsockopt+0x61/0xa0
raw_setsockopt+0x16/0x60
sock_common_setsockopt+0x14/0x20
SyS_setsockopt+0x71/0xd0

It turns out we don't validate that the num_counters field in the
struct we pass in from userspace is initialized.

The same problem also exists in ebtables, arptables, ipv6, and the
compat variants.

Signed-off-by: Dave Jones <davej@codemonkey.org.uk>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

2015-05-20 13:46:49 +02:00

..

netfilter

netfilter: ensure number of counters is >0 in do_replace()

2015-05-20 13:46:49 +02:00

af_inet.c

ipv4: coding style: comparison for inequality with NULL

2015-04-03 12:11:15 -04:00

ah4.c

ipsec: Remove obsolete MAX_AH_AUTH_LEN

2014-09-18 10:54:36 +02:00

arp.c

netfilter: Pass socket pointer down through okfn().

2015-04-07 15:25:55 -04:00

cipso_ipv4.c

ipv4: coding style: comparison for inequality with NULL

2015-04-03 12:11:15 -04:00

datagram.c

net: Save TX flow hash in sock and set in skbuf on xmit

2014-07-07 21:14:21 -07:00

devinet.c

ipv4: coding style: comparison for inequality with NULL

2015-04-03 12:11:15 -04:00

esp4.c

ipv4: coding style: comparison for equality with NULL

2015-04-03 12:11:15 -04:00

fib_frontend.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2015-04-06 22:34:15 -04:00

fib_lookup.h

ipv4: FIB Local/MAIN table collapse

2015-03-11 16:22:14 -04:00

fib_rules.c

ipv4: coding style: comparison for equality with NULL

2015-04-03 12:11:15 -04:00

fib_semantics.c

ipv4: coding style: comparison for equality with NULL

2015-04-03 12:11:15 -04:00

fib_trie.c

rename RTNH_F_EXTERNAL to RTNH_F_OFFLOAD

2015-05-14 22:45:39 -04:00

fou.c

fou: avoid missing unlock in failure path

2015-04-16 12:11:19 -04:00

geneve.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2015-04-14 15:44:14 -04:00

gre_demux.c

net: Fix GRE RX to use skb_transport_header for GRE header offset

2014-09-08 15:23:05 -07:00

gre_offload.c

ipv4: coding style: comparison for inequality with NULL

2015-04-03 12:11:15 -04:00

icmp.c

ipv4: coding style: comparison for equality with NULL

2015-04-03 12:11:15 -04:00

igmp.c

ipv4: coding style: comparison for inequality with NULL

2015-04-03 12:11:15 -04:00

inet_connection_sock.c

inet: fix possible panic in reqsk_queue_unlink()

2015-04-24 11:39:15 -04:00

inet_diag.c

tcp: prepare CC get_info() access from getsockopt()

2015-04-29 17:10:38 -04:00

inet_fragment.c

ipv4: coding style: comparison for equality with NULL

2015-04-03 12:11:15 -04:00

inet_hashtables.c

tcp/dccp: get rid of central timewait timer

2015-04-13 16:40:05 -04:00

inet_lro.c

lro: remove dead code

2013-12-29 16:34:25 -05:00

inet_timewait_sock.c

tcp/dccp: get rid of central timewait timer

2015-04-13 16:40:05 -04:00

inetpeer.c

inet: remove dead inetpeer sequence code

2014-09-08 16:42:42 -07:00

ip_forward.c

ip_forward: Drop frames with attached skb->sk

2015-04-20 14:07:33 -04:00

ip_fragment.c

ipv4: coding style: comparison for inequality with NULL

2015-04-03 12:11:15 -04:00

ip_gre.c

ipv4: coding style: comparison for equality with NULL

2015-04-03 12:11:15 -04:00

ip_input.c

netfilter: Pass socket pointer down through okfn().

2015-04-07 15:25:55 -04:00

ip_options.c

ipv4: coding style: comparison for inequality with NULL

2015-04-03 12:11:15 -04:00

ip_output.c

net: remove extra newlines

2015-04-07 22:24:37 -04:00

ip_sockglue.c

ipv4: coding style: comparison for inequality with NULL

2015-04-03 12:11:15 -04:00

ip_tunnel_core.c

ipv4: ip_tunnel: use net namespace from rtable not socket

2015-04-08 12:09:42 -04:00

ip_tunnel.c

udp_tunnel: Pass UDP socket down through udp_tunnel{, 6}_xmit_skb().

2015-04-07 15:29:08 -04:00

ip_vti.c

ipv4: coding style: comparison for inequality with NULL

2015-04-03 12:11:15 -04:00

ipcomp.c

ipv4: coding style: comparison for equality with NULL

2015-04-03 12:11:15 -04:00

ipconfig.c

ipv4: coding style: comparison for equality with NULL

2015-04-03 12:11:15 -04:00

ipip.c

ipv4: coding style: comparison for equality with NULL

2015-04-03 12:11:15 -04:00

ipmr.c

netfilter: Pass socket pointer down through okfn().

2015-04-07 15:25:55 -04:00

Kconfig

net: Move fou_build_header into fou.c and refactor

2014-11-05 16:30:02 -05:00

Makefile

net: Add Geneve tunneling protocol driver

2014-10-06 00:32:20 -04:00

netfilter.c

netfilter: Use nf_hook_state in nf_queue_entry.

2015-04-04 12:25:22 -04:00

ping.c

ipv4: Missing sk_nulls_node_init() in ping_unhash().

2015-05-01 22:02:47 -04:00

proc.c

tcp/dccp: get rid of central timewait timer

2015-04-13 16:40:05 -04:00

protocol.c

net: Export inet_offloads and inet6_offloads

2014-09-19 17:15:31 -04:00

raw.c

Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2015-04-13 18:18:05 -04:00

route.c

route: Use ipv4_mtu instead of raw rt_pmtu

2015-04-29 14:43:22 -04:00

syncookies.c

tcp: fix ipv4 mapped request socks

2015-03-25 00:57:48 -04:00

sysctl_net_ipv4.c

ipv4: coding style: comparison for equality with NULL

2015-04-03 12:11:15 -04:00

tcp_bic.c

tcp: stretch ACK fixes prep

2015-01-28 22:18:37 -08:00

tcp_cong.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2015-03-20 18:51:09 -04:00

tcp_cubic.c

tcp: restore 1.5x per RTT limit to CUBIC cwnd growth in congestion avoidance

2015-03-11 16:51:51 -04:00

tcp_dctcp.c

tcp: prepare CC get_info() access from getsockopt()

2015-04-29 17:10:38 -04:00

tcp_diag.c

ipv4: coding style: comparison for inequality with NULL

2015-04-03 12:11:15 -04:00

tcp_fastopen.c

tcp: add tcpi_bytes_received to tcp_info

2015-04-29 17:10:37 -04:00

tcp_highspeed.c

tcp: whitespace fixes

2014-09-01 18:12:45 -07:00

tcp_htcp.c

tcp: whitespace fixes

2014-09-01 18:12:45 -07:00

tcp_hybla.c

tcp: whitespace fixes

2014-09-01 18:12:45 -07:00

tcp_illinois.c

tcp: prepare CC get_info() access from getsockopt()

2015-04-29 17:10:38 -04:00

tcp_input.c

tcp: update reordering first before detecting loss

2015-04-29 17:10:38 -04:00

tcp_ipv4.c

inet: fix possible panic in reqsk_queue_unlink()

2015-04-24 11:39:15 -04:00

tcp_lp.c

tcp: remove in_flight parameter from cong_avoid() methods

2014-05-03 19:23:07 -04:00

tcp_memcontrol.c

memcg: cleanup static keys decrement

2015-02-12 18:54:10 -08:00

tcp_metrics.c

tcp: RFC7413 option support for Fast Open client

2015-04-07 18:36:39 -04:00

tcp_minisocks.c

tcp/ipv6: fix flow label setting in TIME_WAIT state

2015-05-17 23:41:59 -04:00

tcp_offload.c

tcp: cleanup static functions

2015-02-28 16:56:51 -05:00

tcp_output.c

tcp: avoid looping in tcp_send_fin()

2015-04-24 11:06:48 -04:00

tcp_probe.c

tcp: whitespace fixes

2014-09-01 18:12:45 -07:00

tcp_scalable.c

tcp: stretch ACK fixes prep

2015-01-28 22:18:37 -08:00

tcp_timer.c

tcp: RFC7413 option support for Fast Open client

2015-04-07 18:36:39 -04:00

tcp_vegas.c

tcp: prepare CC get_info() access from getsockopt()

2015-04-29 17:10:38 -04:00

tcp_vegas.h

tcp: prepare CC get_info() access from getsockopt()

2015-04-29 17:10:38 -04:00

tcp_veno.c

tcp: stretch ACK fixes prep

2015-01-28 22:18:37 -08:00

tcp_westwood.c

tcp_westwood: fix tcp_westwood_info()

2015-05-05 19:50:09 -04:00

tcp_yeah.c

tcp: stretch ACK fixes prep

2015-01-28 22:18:37 -08:00

tcp.c

tcp: add TCP_CC_INFO socket option

2015-04-29 17:10:38 -04:00

tunnel4.c

net: Convert printks to pr_<level>

2012-03-11 23:42:51 -07:00

udp_diag.c

ipv4: coding style: comparison for equality with NULL

2015-04-03 12:11:15 -04:00

udp_impl.h

net: Remove iocb argument from sendmsg and recvmsg

2015-03-02 13:06:31 -05:00

udp_offload.c

ipv4: coding style: comparison for inequality with NULL

2015-04-03 12:11:15 -04:00

udp_tunnel.c

udp_tunnel: Pass UDP socket down through udp_tunnel{, 6}_xmit_skb().

2015-04-07 15:29:08 -04:00

udp.c

net: remove extra newlines

2015-04-07 22:24:37 -04:00

udplite.c

net: Eliminate no_check from protosw

2014-05-23 16:28:53 -04:00

xfrm4_input.c

netfilter: Pass socket pointer down through okfn().

2015-04-07 15:25:55 -04:00

xfrm4_mode_beet.c

ipv4: ERROR: code indent should use tabs where possible

2013-12-26 13:43:21 -05:00

xfrm4_mode_transport.c

…

xfrm4_mode_tunnel.c

ipv4: hash net ptr into fragmentation bucket selection

2015-03-25 14:07:04 -04:00

xfrm4_output.c

netfilter: Pass socket pointer down through okfn().

2015-04-07 15:25:55 -04:00

xfrm4_policy.c

ipv4: coding style: comparison for equality with NULL

2015-04-03 12:11:15 -04:00

xfrm4_protocol.c

xfrm4: Remove duplicate semicolon

2014-06-30 07:49:47 +02:00

xfrm4_state.c

inet: make no_pmtu_disc per namespace and kill ipv4_config

2013-12-18 16:58:20 -05:00

xfrm4_tunnel.c

sit: add IPv4 over IPv4 support

2013-05-31 17:19:05 -07:00