[Bridge] [PATCH nf] netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
Pablo Neira Ayuso
pablo at netfilter.org
Sun Feb 25 19:08:00 UTC 2018
On Mon, Feb 19, 2018 at 01:24:15AM +0100, Florian Westphal wrote:
> We need to make sure the offsets are not out of range of the
> total size.
> Also check that they are in ascending order.
>
> The WARN_ON triggered by syzkaller (it sets panic_on_warn) is
> changed to also bail out, no point in continuing parsing.
>
> Briefly tested with simple ruleset of
> -A INPUT --limit 1/s' --log
> plus jump to custom chains using 32bit ebtables binary.
Also applied, thanks.
More information about the Bridge
mailing list