iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net/netfilter
History
Liping Zhang 2fa46c1301 netfilter: nft_limit: fix divided by zero panic 
After I input the following nftables rule, a panic happened on my system:
  # nft add rule filter OUTPUT limit rate 0xf00000000 bytes/second

  divide error: 0000 [#1] SMP
  [ ... ]
  RIP: 0010:[<ffffffffa059035e>]  [<ffffffffa059035e>]
  nft_limit_pkt_bytes_eval+0x2e/0xa0 [nft_limit]
  Call Trace:
  [<ffffffffa05721bb>] nft_do_chain+0xfb/0x4e0 [nf_tables]
  [<ffffffffa044f236>] ? nf_nat_setup_info+0x96/0x480 [nf_nat]
  [<ffffffff81753767>] ? ipt_do_table+0x327/0x610
  [<ffffffffa044f677>] ? __nf_nat_alloc_null_binding+0x57/0x80 [nf_nat]
  [<ffffffffa058b21f>] nft_ipv4_output+0xaf/0xd0 [nf_tables_ipv4]
  [<ffffffff816f4aa2>] nf_iterate+0x62/0x80
  [<ffffffff816f4b33>] nf_hook_slow+0x73/0xd0
  [<ffffffff81703d0d>] __ip_local_out+0xcd/0xe0
  [<ffffffff81701d90>] ? ip_forward_options+0x1b0/0x1b0
  [<ffffffff81703d3c>] ip_local_out+0x1c/0x40

This is because divisor is 64-bit, but we treat it as a 32-bit integer,
then 0xf00000000 becomes zero, i.e. divisor becomes 0.

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-10-04 08:59:03 +02:00
..
ipset
netfilter: ipset: fix race condition in ipset save, swap and delete
2016-03-28 17:57:45 +02:00
ipvs
ipvs: use nf_ct_kill helper
2016-08-12 00:43:52 +02:00
core.c
netfilter: accommodate different kconfig in nf_set_hooks_head
2016-09-30 20:15:26 +02:00
Kconfig
netfilter: nf_tables: add number generator expression
2016-08-22 11:42:22 +02:00
Makefile
netfilter: nf_tables: add range expression
2016-09-25 23:16:42 +02:00
nf_conntrack_acct.c
netfilter: Remove uses of seq_<foo> return values
2015-03-18 10:51:35 +01:00
nf_conntrack_amanda.c
net: Remove state argument from skb_find_text()
2015-02-22 15:59:54 -05:00
nf_conntrack_broadcast.c
nf_conntrack_core.c
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2016-09-25 23:34:19 +02:00
nf_conntrack_ecache.c
netfilter: don't rely on DYING bit to detect when destroy event was sent
2016-08-30 11:43:08 +02:00
nf_conntrack_expect.c
netfilter: nf_ct_expect: remove the redundant slash when policy name is empty
2016-08-09 10:38:46 +02:00
nf_conntrack_extend.c
netfilter: move nat hlist_head to nf_conn
2016-07-11 11:47:50 +02:00
nf_conntrack_ftp.c
netfilter: ftp: Remove the useless code
2016-09-07 10:38:00 +02:00
nf_conntrack_h323_asn1.c
netfilter: nf_conntrack_h323: fix off-by-one in DecodeQ931
2016-07-11 12:32:45 +02:00
nf_conntrack_h323_main.c
netfilter: Remove explicit rcu_read_lock in nf_hook_slow
2016-09-24 21:29:53 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c
netfilter: Remove explicit rcu_read_lock in nf_hook_slow
2016-09-24 21:29:53 +02:00
nf_conntrack_irc.c
netfilter: Add helper array register/unregister functions
2016-07-21 02:31:53 +02:00
nf_conntrack_l3proto_generic.c
netfilter: Convert print_tuple functions to return void
2014-11-05 14:10:33 -05:00
nf_conntrack_labels.c
netfilter: connlabels: move set helper to xt_connlabel
2016-07-22 17:05:10 +02:00
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c
netfilter: conntrack: remove packet hotpath stats
2016-09-12 19:59:39 +02:00
nf_conntrack_pptp.c
netfilter: conntrack: get rid of conntrack timer
2016-08-30 11:43:09 +02:00
nf_conntrack_proto_dccp.c
netfilter: conntrack: Only need first 4 bytes to get l4proto ports
2016-08-12 00:41:08 +02:00
nf_conntrack_proto_generic.c
netfilter: remove ip_conntrack* sysctl compat code
2016-08-13 13:27:13 +02:00
nf_conntrack_proto_gre.c
netfilter: gre: Use consistent GRE and PTTP header structure instead of the ones defined by netfilter
2016-09-07 10:36:52 +02:00
nf_conntrack_proto_sctp.c
netfilter: remove ip_conntrack* sysctl compat code
2016-08-13 13:27:13 +02:00
nf_conntrack_proto_tcp.c
netfilter: remove ip_conntrack* sysctl compat code
2016-08-13 13:27:13 +02:00
nf_conntrack_proto_udp.c
netfilter: remove ip_conntrack* sysctl compat code
2016-08-13 13:27:13 +02:00
nf_conntrack_proto_udplite.c
netfilter: conntrack: Only need first 4 bytes to get l4proto ports
2016-08-12 00:41:08 +02:00
nf_conntrack_proto.c
netfilter: remove ip_conntrack* sysctl compat code
2016-08-13 13:27:13 +02:00
nf_conntrack_sane.c
netfilter: Add helper array register/unregister functions
2016-07-21 02:31:53 +02:00
nf_conntrack_seqadj.c
netfilter: seqadj: Fix the wrong ack adjust for the RST packet without ack
2016-09-25 14:54:01 +02:00
nf_conntrack_sip.c
netfilter: nf_ct_sip: allow tab character in SIP headers
2016-09-07 13:53:43 +02:00
nf_conntrack_snmp.c
nf_conntrack_standalone.c
netfilter: evict stale entries when user reads /proc/net/nf_conntrack
2016-09-25 14:54:08 +02:00
nf_conntrack_tftp.c
netfilter: Add helper array register/unregister functions
2016-07-21 02:31:53 +02:00
nf_conntrack_timeout.c
netfilter: cttimeout: add netns support
2015-12-14 12:48:58 +01:00
nf_conntrack_timestamp.c
netfilter: nf_ct_timestamp: Fix BUG_ON after netns deletion
2013-12-20 14:58:29 +01:00
nf_dup_netdev.c
net: remove skb_sender_cpu_clear()
2016-03-01 17:36:47 -05:00
nf_internals.h
netfilter: replace list_head with single linked list
2016-09-25 14:38:48 +02:00
nf_log_common.c
netfilter: nf_log: get rid of XT_LOG_* macros
2016-09-25 23:16:45 +02:00
nf_log.c
netfilter: fix namespace handling in nf_log_proc_dostring
2016-10-04 08:41:06 +02:00
nf_nat_amanda.c
nf_nat_core.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2016-09-23 06:46:57 -04:00
nf_nat_ftp.c
nf_nat_helper.c
nf_nat_irc.c
netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper
2014-01-06 14:17:17 +01:00
nf_nat_proto_common.c
netfilter: use IS_ENABLED() macro
2014-06-30 11:38:03 +02:00
nf_nat_proto_dccp.c
net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool
2015-08-17 21:33:06 -07:00
nf_nat_proto_sctp.c
netfilter: use IS_ENABLED() macro
2014-06-30 11:38:03 +02:00
nf_nat_proto_tcp.c
net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool
2015-08-17 21:33:06 -07:00
nf_nat_proto_udp.c
net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool
2015-08-17 21:33:06 -07:00
nf_nat_proto_udplite.c
net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool
2015-08-17 21:33:06 -07:00
nf_nat_proto_unknown.c
nf_nat_redirect.c
netfilter: nf_nat_redirect: add missing NULL pointer check
2015-10-27 06:54:56 +01:00
nf_nat_sip.c
netfilter: replace strnicmp with strncasecmp
2014-10-14 02:18:24 +02:00
nf_nat_tftp.c
nf_queue.c
netfilter: replace list_head with single linked list
2016-09-25 14:38:48 +02:00
nf_sockopt.c
netfilter: don't use mutex_lock_interruptible()
2014-08-08 16:47:23 +02:00
nf_synproxy_core.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
2015-09-05 21:57:42 -07:00
nf_tables_api.c
netfilter: nf_tables: validate maximum value of u32 netlink attributes
2016-09-23 09:29:02 +02:00
nf_tables_core.c
netfilter: nft_log: complete NFTA_LOG_FLAGS attr support
2016-09-25 23:16:43 +02:00
nf_tables_inet.c
netfilter: Add the missed return value check of nft_register_chain_type
2016-09-12 19:54:45 +02:00
nf_tables_netdev.c
netfilter: Add the missed return value check of nft_register_chain_type
2016-09-12 19:54:45 +02:00
nf_tables_trace.c
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2016-09-25 23:34:19 +02:00
nfnetlink_acct.c
netfilter: nfnetlink: use list_for_each_entry_safe to delete all objects
2016-08-25 13:11:00 +02:00
nfnetlink_cthelper.c
netfilter: Remove explicit rcu_read_lock in nf_hook_slow
2016-09-24 21:29:53 +02:00
nfnetlink_cttimeout.c
netfilter: cttimeout: unlink timeout objs in the unconfirmed ct lists
2016-08-25 13:11:30 +02:00
nfnetlink_log.c
netfilter: Remove explicit rcu_read_lock in nf_hook_slow
2016-09-24 21:29:53 +02:00
nfnetlink_queue.c
netfilter: replace list_head with single linked list
2016-09-25 14:38:48 +02:00
nfnetlink.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2016-02-23 00:09:14 -05:00
nft_bitwise.c
netfilter: nf_tables: validate maximum value of u32 netlink attributes
2016-09-23 09:29:02 +02:00
nft_byteorder.c
netfilter: nf_tables: validate maximum value of u32 netlink attributes
2016-09-23 09:29:02 +02:00
nft_cmp.c
netfilter: nf_tables: validate maximum value of u32 netlink attributes
2016-09-23 09:29:02 +02:00
nft_compat.c
netfilter: nft_compat: fix crash when related match/target module is removed
2016-07-23 12:25:00 +02:00
nft_counter.c
libnl: nla_put_be64(): align on a 64-bit area
2016-04-23 20:13:24 -04:00
nft_ct.c
netfilter: nft_ct: report error if mark and dir specified simultaneously
2016-09-25 14:54:04 +02:00
nft_dup_netdev.c
netfilter: nf_tables: add packet duplication to the netdev family
2016-01-03 21:04:23 +01:00
nft_dynset.c
netfilter: nft_dynset: allow to invert match criteria
2016-09-12 18:49:50 +02:00
nft_exthdr.c
netfilter: nf_tables: validate maximum value of u32 netlink attributes
2016-09-23 09:29:02 +02:00
nft_fwd_netdev.c
netfilter: nf_tables: add forward expression to the netdev family
2016-01-04 17:48:38 +01:00
nft_hash.c
netfilter: nft_hash: fix hash overflow validation
2016-09-13 10:49:23 +02:00
nft_immediate.c
netfilter: nf_tables: validate maximum value of u32 netlink attributes
2016-09-23 09:29:02 +02:00
nft_limit.c
netfilter: nft_limit: fix divided by zero panic
2016-10-04 08:59:03 +02:00
nft_log.c
netfilter: nft_log: complete NFTA_LOG_FLAGS attr support
2016-09-25 23:16:43 +02:00
nft_lookup.c
netfilter: nft_lookup: remove superfluous element found check
2016-09-23 09:30:48 +02:00
nft_masq.c
netfilter: nft_masq: support port range
2016-03-02 20:05:27 +01:00
nft_meta.c
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2016-09-25 23:34:19 +02:00
nft_nat.c
netfilter: nf_tables: switch registers to 32 bit addressing
2015-04-13 17:17:29 +02:00
nft_numgen.c
netfilter: nft_numgen: add number generation offset
2016-09-22 16:33:05 +02:00
nft_payload.c
netfilter: nf_tables: check tprot_set first when we use xt.thoff
2016-09-23 09:30:26 +02:00
nft_queue.c
netfilter: nft_queue: add _SREG_QNUM attr to select the queue number
2016-09-23 09:29:50 +02:00
nft_quota.c
netfilter: nft_quota: introduce nft_overquota()
2016-09-07 11:02:06 +02:00
nft_range.c
netfilter: nf_tables: add range expression
2016-09-25 23:16:42 +02:00
nft_redir.c
netfilter: nf_tables: add register parsing/dumping helpers
2015-04-13 17:17:28 +02:00
nft_reject_inet.c
netfilter: nft_reject: restrict to INPUT/FORWARD/OUTPUT
2016-08-25 12:55:34 +02:00
nft_reject.c
netfilter: nft_reject: restrict to INPUT/FORWARD/OUTPUT
2016-08-25 12:55:34 +02:00
nft_set_hash.c
netfilter: nf_tables: honor NLM_F_EXCL flag in set element insertion
2016-08-26 17:30:20 +02:00
nft_set_rbtree.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2016-09-06 12:45:26 -07:00
x_tables.c
netfilter: x_tables: speed up jump target validation
2016-07-18 21:35:23 +02:00
xt_addrtype.c
netfilter: x_tables: Use par->net instead of computing from the passed net devices
2015-09-18 21:58:25 +02:00
xt_AUDIT.c
netfilter: Convert uses of __constant_<foo> to <foo>
2014-03-13 14:13:19 +01:00
xt_bpf.c
net: filter: split 'struct sk_filter' into socket and bpf parts
2014-08-02 15:03:58 -07:00
xt_cgroup.c
netfilter: implement xt_cgroup cgroup2 path match
2015-12-14 20:34:55 +01:00
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_cluster.c
net: use reciprocal_scale() helper
2014-08-23 12:21:21 -07:00
xt_comment.c
xt_connbytes.c
netfilter: Convert pr_warning to pr_warn
2014-09-10 12:40:10 -07:00
xt_connlabel.c
netfilter: connlabels: move set helper to xt_connlabel
2016-07-22 17:05:10 +02:00
xt_connlimit.c
netfilter: Enhance the codes used to get random once
2016-09-23 09:30:36 +02:00
xt_connmark.c
netfilter: Fix FSF address in file headers
2013-12-06 12:37:57 -05:00
xt_CONNSECMARK.c
xt_conntrack.c
netfilter: use_nf_conn_expires helper in more places
2016-08-12 00:43:13 +02:00
xt_cpu.c
xt_CT.c
netfilter: cttimeout: add netns support
2015-12-14 12:48:58 +01:00
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_DSCP.c
netfilter: fix various sparse warnings
2014-11-13 12:14:42 +01:00
xt_ecn.c
xt_esp.c
xt_hashlimit.c
netfilter: xt_hashlimit: Fix link error in 32bit arch because of 64bit division
2016-09-30 20:15:27 +02:00
xt_helper.c
netfilter: Remove explicit rcu_read_lock in nf_hook_slow
2016-09-24 21:29:53 +02:00
xt_hl.c
xt_HL.c
xt_HMARK.c
net: use reciprocal_scale() helper
2014-08-23 12:21:21 -07:00
xt_IDLETIMER.c
netfilter: IDLETIMER: fix race condition when destroy the target
2016-04-29 14:28:48 +02:00
xt_ipcomp.c
netfilter: xt_ipcomp: Use ntohs to ease sparse warning
2014-02-19 11:41:25 +01:00
xt_iprange.c
xt_ipvs.c
ipvs: Pass ipvs into conn_out_get
2015-09-24 09:34:41 +09:00
xt_l2tp.c
netfilter: introduce l2tp match extension
2014-01-09 21:36:39 +01:00
xt_LED.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2014-08-05 18:46:26 -07:00
xt_length.c
xt_limit.c
xt_LOG.c
netfilter: x_tables: Use par->net instead of computing from the passed net devices
2015-09-18 21:58:25 +02:00
xt_mac.c
xt_mark.c
netfilter: xt_MARK: Add ARP support
2015-05-14 13:00:27 +02:00
xt_multiport.c
xt_nat.c
xt_NETMAP.c
xt_nfacct.c
netfilter: nfnetlink_acct: report overquota to the right netns
2016-08-18 00:38:23 +02:00
xt_NFLOG.c
netfilter: xt_NFLOG: nflog-range does not truncate packets
2016-06-24 11:03:23 +02:00
xt_NFQUEUE.c
netfilter: xt_NFQUEUE: separate reusable code
2013-12-07 23:20:45 +01:00
xt_osf.c
netfilter: xt_osf: remove unused variable
2016-02-29 13:59:43 +01:00
xt_owner.c
netfilter: Allow xt_owner in any user namespace
2016-06-23 13:58:55 +02:00
xt_physdev.c
netfilter: physdev: add missed blank
2016-08-12 00:42:14 +02:00
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
xt_RATEEST.c
netfilter: Enhance the codes used to get random once
2016-09-23 09:30:36 +02:00
xt_realm.c
xt_recent.c
netfilter: Enhance the codes used to get random once
2016-09-23 09:30:36 +02:00
xt_REDIRECT.c
netfilter: combine IPv4 and IPv6 nf_nat_redirect code in one module
2014-11-27 13:08:42 +01:00
xt_repldata.h
net: netfilter: LLVMLinux: vlais-netfilter
2014-06-07 11:44:39 -07:00
xt_sctp.c
sctp: rename WORD_TRUNC/ROUND macros
2016-09-22 03:13:26 -04:00
xt_SECMARK.c
xt_set.c
netfilter: ipset: Fix coding styles reported by checkpatch.pl
2015-06-14 10:40:18 +02:00
xt_socket.c
tcp/dccp: do not touch listener sk_refcnt under synflood
2016-04-04 22:11:20 -04:00
xt_state.c
xt_statistic.c
net: replace macros net_random and net_srandom with direct calls to prandom
2014-01-14 15:15:25 -08:00
xt_string.c
net: Remove state argument from skb_find_text()
2015-02-22 15:59:54 -05:00
xt_tcpmss.c
xt_TCPMSS.c
netfilter: xt_TCPMSS: Refactor the codes to decrease one condition check and more readable
2016-09-24 21:13:21 +02:00
xt_TCPOPTSTRIP.c
net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool
2015-08-17 21:33:06 -07:00
xt_tcpudp.c
netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF
2016-07-03 10:55:07 +02:00
xt_TEE.c
netfilter: Add the missed return value check of register_netdevice_notifier
2016-09-12 19:54:43 +02:00
xt_time.c
xt_TPROXY.c
netfilter: tproxy: properly refcount tcp listeners
2016-08-18 00:51:13 +02:00
xt_TRACE.c
netfilter: xt_TRACE: add explicitly nf_logger_find_get call
2016-06-23 13:26:49 +02:00
xt_u32.c