[RHEL7,COMMIT] ms/netfilter: nf_tables: validate NFTA_SET_TABLE parameter

Submitted by Vasily Averin on Aug. 21, 2020, 8:06 a.m.


Message ID 202008210806.07L86VcI013888@vz7build.vvs.sw.ru
State New
Series "ms/netfilter: nf_tables: validate NFTA_SET_TABLE parameter"
Headers show

Commit Message

Vasily Averin Aug. 21, 2020, 8:06 a.m.
The commit is pushed to "branch-rh7-3.10.0-1127.18.2.vz7.163.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1127.18.2.vz7.163.3
commit d3bef0951e541d534dc9f9e9107d37b1a9eaed6b
Author: Phil Turnbull <phil.turnbull@oracle.com>
Date:   Fri Aug 21 11:06:30 2020 +0300

    ms/netfilter: nf_tables: validate NFTA_SET_TABLE parameter
    If the NFTA_SET_TABLE parameter is missing and the NLM_F_DUMP flag is
    not set, then a NULL pointer dereference is triggered in
    nf_tables_set_lookup because ctx.table is NULL.
    Signed-off-by: Phil Turnbull <phil.turnbull@oracle.com>
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    (cherry-picked from commit ca4463bf8438b403596edd0ec961ca0d4fbe0220)
    Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
 net/netfilter/nf_tables_api.c | 2 ++
 1 file changed, 2 insertions(+)

Patch hide | download patch | download mbox

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 4692c36..14e030b 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2680,6 +2680,8 @@  static int nf_tables_getset(struct sock *nlsk, struct sk_buff *skb,
 	/* Only accept unspec with dump */
 	if (nfmsg->nfgen_family == NFPROTO_UNSPEC)
 		return -EAFNOSUPPORT;
+	if (!nla[NFTA_SET_TABLE])
+		return -EINVAL;
 	set = nf_tables_set_lookup(ctx.table, nla[NFTA_SET_NAME]);
 	if (IS_ERR(set))