aeadd93f2b0a609f603ac33e574b97a9832d1b90 - linux-5.10

commit	aeadd93f2b0a609f603ac33e574b97a9832d1b90	[log] [tgz]
author	Dan Carpenter <dan.carpenter@oracle.com>	Sat Sep 22 16:46:48 2018 +0300
committer	David S. Miller <davem@davemloft.net>	Mon Oct 01 22:34:14 2018 -0700
tree	32784e4248856c3d4ca4d65f413d4ef301fb3c06
parent	ee0b6f4834b59bb0002e2dc8f42a73a399a9246e [diff]

net: sched: act_ipt: check for underflow in __tcf_ipt_init()

If "td->u.target_size" is larger than sizeof(struct xt_entry_target) we
return -EINVAL.  But we don't check whether it's smaller than
sizeof(struct xt_entry_target) and that could lead to an out of bounds
read.

Fixes: 7ba699c604ab ("[NET_SCHED]: Convert actions from rtnetlink to new netlink API")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/sched/act_ipt.c[diff]

1 file changed

tree: 32784e4248856c3d4ca4d65f413d4ef301fb3c06