ebtables: arpreply: Add the standard target sanity check

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The info->target comes from userspace and it would be used directly.
So we need to add the sanity check to make sure it is a valid standard
target, although the ebtables tool has already checked it. Kernel needs
to validate anything coming from userspace.

If the target is set as an evil value, it would break the ebtables
and cause a panic. Because the non-standard target is treated as one
offset.

Now add one helper function ebt_invalid_target, and we would replace
the macro INVALID_TARGET later.

Signed-off-by: Gao Feng <gfree.wind@vip.163.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Gao Feng and committed by

Pablo Neira Ayuso 9 years ago c953d635 59105446

2 changed files

expand all

include

linux

netfilter_bridge

ebtables.h

net

bridge

netfilter

ebt_arpreply.c

include/linux/netfilter_bridge/ebtables.h

··· 125 125 /* True if the target is not a standard target */ 126 126 #define INVALID_TARGET (info->target < -NUM_STANDARD_TARGETS || info->target >= 0) 127 127 128 + static inline bool ebt_invalid_target(int target) 129 + { 130 + return (target < -NUM_STANDARD_TARGETS || target >= 0); 131 + } 132 + 128 133 #endif

net/bridge/netfilter/ebt_arpreply.c

··· 68 68 if (e->ethproto != htons(ETH_P_ARP) || 69 69 e->invflags & EBT_IPROTO) 70 70 return -EINVAL; 71 + if (ebt_invalid_target(info->target)) 72 + return -EINVAL; 73 + 71 74 return 0; 72 75 } 73 76