Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

netfilter: xt_recent: fix stack overread in compat code

Related-to: commit 325fb5b4d26038cba665dd0d8ee09555321061f0

The compat path suffers from a similar problem. It only uses a __be32
when all of the recent code uses, and expects, an nf_inet_addr
everywhere. As a result, addresses stored by xt_recents were
filled with whatever other stuff was on the stack following the be32.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

With a minor compile fix from Roman.

Reported-and-tested-by: Roman Hoog Antink <rha@open.ch>
Signed-off-by: Patrick McHardy <kaber@trash.net>

authored by Jan Engelhardt and committed by Patrick McHardy
37e55cf0 71951b64

+4 -5
net/netfilter/xt_recent.c
··· 474 474 struct recent_table *t = pde->data; 475 475 struct recent_entry *e; 476 476 char buf[sizeof("+255.255.255.255")], *c = buf; 477 - __be32 addr; 477 + union nf_inet_addr addr = {}; 478 478 int add; 479 479 480 480 if (size > sizeof(buf)) ··· 506 506 add = 1; 507 507 break; 508 508 } 509 - addr = in_aton(c); 509 + addr.ip = in_aton(c); 510 510 511 511 spin_lock_bh(&recent_lock); 512 - e = recent_entry_lookup(t, (const void *)&addr, NFPROTO_IPV4, 0); 512 + e = recent_entry_lookup(t, &addr, NFPROTO_IPV4, 0); 513 513 if (e == NULL) { 514 514 if (add) 515 - recent_entry_init(t, (const void *)&addr, 516 - NFPROTO_IPV4, 0); 515 + recent_entry_init(t, &addr, NFPROTO_IPV4, 0); 517 516 } else { 518 517 if (add) 519 518 recent_entry_update(t, e);
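Review bot: in the first hunk, `union nf_inet_addr addr = {};` relies on the empty initializer to zero the part of the union beyond `addr.ip`, and nothing at the declaration says that the initializer is load-bearing. Since the commit message states that the recent code expects a full nf_inet_addr everywhere, a one-line comment at the declaration (or an explicit memset of `addr` before `addr.ip` is assigned) would keep a later cleanup from dropping the initializer and putting stack contents back into stored addresses.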
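Review bot: in the second hunk, the `(const void *)&addr` casts removed from the `recent_entry_lookup()` and `recent_entry_init()` calls are what allowed a `__be32` to be passed where a `union nf_inet_addr` was expected without any compiler diagnostic. It would be worth checking the other callers of these two helpers for the same cast and removing it wherever the argument is already the union type, so that a mismatched pointer is flagged at build time instead of being read past its end. The call sites here still hard-code `NFPROTO_IPV4`, which matches the `in_aton(c)` parse, but a short comment saying this write path is IPv4-only would make that intent explicit.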