UPSTREAM: netfilter: x_tables: validate e->target_offset early
authorFlorian Westphal <fw@strlen.de>
Tue, 22 Mar 2016 17:02:49 +0000 (18:02 +0100)
committermobile promotions <svcmobile_promotions@nvidia.com>
Mon, 24 Oct 2016 07:32:23 +0000 (00:32 -0700)
commitfd0f46e6a05919147dd8e17541ed228a5b1e3b74
treec3e4c38488a27c7a5ac996269ed9b53d0ab2903c
parentb58e0819e3858750220dda54ab5f2181883d28b5
UPSTREAM: netfilter: x_tables: validate e->target_offset early

(cherry pick from commit bdf533de6968e9686df777dc178486f600c6e617)

We should check that e->target_offset is sane before
mark_source_chains gets called since it will fetch the target entry
for loop detection.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Change-Id: Ic2dbc31c9525d698e94d4d8875886acf3524abbd
Bug: 29637687
Bug 1797728
(cherry picked from commit 7ed1e120e1cc31bea816709c25ebb80203ce9f1b)
Signed-off-by: Mithun Maragiri <mmaragiri@nvidia.com>
Reviewed-on: http://git-master/r/1214540
GVS: Gerrit_Virtual_Submit

(cherry picked from commit 7f418177a6ac021fc6a10560b17733577b898b6f)
Signed-off-by: Gagan Grover <ggrover@nvidia.com>
Change-Id: I4381d3ca09eb1e22f720071be6bfa2701e14b885
Reviewed-on: http://git-master/r/1226957
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
net/ipv4/netfilter/arp_tables.c
net/ipv4/netfilter/ip_tables.c
net/ipv6/netfilter/ip6_tables.c