iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ee4bb818ae
linux/net/ipv6/netfilter
History
Kirill Korotaev ee4bb818ae [NETFILTER]: Fix possible overflow in netfilters do_replace() 
netfilter's do_replace() can overflow on addition within SMP_ALIGN()
and/or on multiplication by NR_CPUS, resulting in a buffer overflow on
the copy_from_user().  In practice, the overflow on addition is
triggerable on all systems, whereas the multiplication one might require
much physical memory to be present due to the check above.  Either is
sufficient to overwrite arbitrary amounts of kernel memory.

I really hate adding the same check to all 4 versions of do_replace(),
but the code is duplicate...

Found by Solar Designer during security audit of OpenVZ.org

Signed-Off-By: Kirill Korotaev <dev@openvz.org>
Signed-Off-By: Solar Designer <solar@openwall.com>
Signed-off-by: Patrck McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-04 23:51:25 -08:00
..
ip6_queue.c [NET]: Fix packet timestamping. 2005-10-03 13:57:23 -07:00
ip6_tables.c [NETFILTER]: Fix possible overflow in netfilters do_replace() 2006-02-04 23:51:25 -08:00
ip6t_ah.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ip6t_dst.c [NETFILTER] ip6tables: whitespace and indent cosmetic cleanup 2006-01-17 02:39:39 -08:00
ip6t_esp.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ip6t_eui64.c [NETFILTER] ip6tables: whitespace and indent cosmetic cleanup 2006-01-17 02:39:39 -08:00
ip6t_frag.c [NETFILTER] ip6tables: whitespace and indent cosmetic cleanup 2006-01-17 02:39:39 -08:00
ip6t_hbh.c [NETFILTER] ip6tables: whitespace and indent cosmetic cleanup 2006-01-17 02:39:39 -08:00
ip6t_hl.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ip6t_HL.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ip6t_ipv6header.c [NETFILTER] ip6tables: whitespace and indent cosmetic cleanup 2006-01-17 02:39:39 -08:00
ip6t_LOG.c [NET]: Use NIP6_FMT in kernel.h 2006-01-13 14:29:07 -08:00
ip6t_multiport.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ip6t_owner.c [NETFILTER] ip6tables: whitespace and indent cosmetic cleanup 2006-01-17 02:39:39 -08:00
ip6t_policy.c [NETFILTER] ip[6]t_policy: Fix compilation warnings 2006-01-17 02:26:34 -08:00
ip6t_REJECT.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ip6t_rt.c [NETFILTER] ip6tables: whitespace and indent cosmetic cleanup 2006-01-17 02:39:39 -08:00
ip6table_filter.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ip6table_mangle.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ip6table_raw.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
Kconfig [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
Makefile [NETFILTER] Makefile cleanup 2006-01-17 02:38:56 -08:00
nf_conntrack_l3proto_ipv6.c [NET]: Use NIP6_FMT in kernel.h 2006-01-13 14:29:07 -08:00
nf_conntrack_proto_icmpv6.c [NETFILTER]: Add ctnetlink port for nf_conntrack 2006-01-05 12:19:05 -08:00
nf_conntrack_reasm.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00