[kernel] r22465 - in dists/wheezy/linux/debian: . patches patches/bugfix/all
Ben Hutchings
benh at moszumanska.debian.org
Tue Mar 31 03:43:50 UTC 2015
Author: benh
Date: Tue Mar 31 03:43:50 2015
New Revision: 22465
Log:
netfilter: ipset: Check and reject crazy /0 input parameters (Closes: #732689)
Added:
dists/wheezy/linux/debian/patches/bugfix/all/netfilter-ipset-Check-and-reject-crazy-0-input-param.patch
Modified:
dists/wheezy/linux/debian/changelog
dists/wheezy/linux/debian/patches/series
Modified: dists/wheezy/linux/debian/changelog
==============================================================================
--- dists/wheezy/linux/debian/changelog Tue Mar 31 03:27:45 2015 (r22464)
+++ dists/wheezy/linux/debian/changelog Tue Mar 31 03:43:50 2015 (r22465)
@@ -81,6 +81,8 @@
* hpsa: Update device ID tables (Closes: #781548)
* NFSv4: Fix oops in nfs4_handle_exception when server returns
NFS4ERR_OPENMODE (Closes: #731439)
+ * netfilter: ipset: Check and reject crazy /0 input parameters
+ (Closes: #732689)
-- Ben Hutchings <ben at decadent.org.uk> Mon, 23 Feb 2015 03:42:59 +0000
Added: dists/wheezy/linux/debian/patches/bugfix/all/netfilter-ipset-Check-and-reject-crazy-0-input-param.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy/linux/debian/patches/bugfix/all/netfilter-ipset-Check-and-reject-crazy-0-input-param.patch Tue Mar 31 03:43:50 2015 (r22465)
@@ -0,0 +1,126 @@
+From: Jozsef Kadlecsik <kadlec at blackhole.kfki.hu>
+Date: Tue, 4 Sep 2012 17:45:59 +0200
+Subject: netfilter: ipset: Check and reject crazy /0 input parameters
+Origin: https://git.kernel.org/linus/b9fed748185a96b7cfe74afac4bd228e8af16f01
+
+bitmap:ip and bitmap:ip,mac type did not reject such a crazy range
+when created and using such a set results in a kernel crash.
+The hash types just silently ignored such parameters.
+
+Reject invalid /0 input parameters explicitely.
+
+Signed-off-by: Jozsef Kadlecsik <kadlec at blackhole.kfki.hu>
+---
+ net/netfilter/ipset/ip_set_bitmap_ip.c | 10 ++++++----
+ net/netfilter/ipset/ip_set_bitmap_ipmac.c | 5 +++--
+ net/netfilter/ipset/ip_set_hash_ip.c | 2 +-
+ net/netfilter/ipset/ip_set_hash_ipport.c | 2 +-
+ net/netfilter/ipset/ip_set_hash_ipportip.c | 2 +-
+ net/netfilter/ipset/ip_set_hash_ipportnet.c | 2 +-
+ 6 files changed, 13 insertions(+), 10 deletions(-)
+
+--- a/net/netfilter/ipset/ip_set_bitmap_ip.c
++++ b/net/netfilter/ipset/ip_set_bitmap_ip.c
+@@ -282,7 +282,7 @@ bitmap_ip_uadt(struct ip_set *set, struc
+ } else if (tb[IPSET_ATTR_CIDR]) {
+ u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
+
+- if (cidr > 32)
++ if (!cidr || cidr > 32)
+ return -IPSET_ERR_INVALID_CIDR;
+ ip_set_mask_from_to(ip, ip_to, cidr);
+ } else
+@@ -451,7 +451,8 @@ static int
+ bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
+ {
+ struct bitmap_ip *map;
+- u32 first_ip, last_ip, hosts, elements;
++ u32 first_ip, last_ip, hosts;
++ u64 elements;
+ u8 netmask = 32;
+ int ret;
+
+@@ -494,7 +495,7 @@ bitmap_ip_create(struct ip_set *set, str
+
+ if (netmask == 32) {
+ hosts = 1;
+- elements = last_ip - first_ip + 1;
++ elements = (u64)last_ip - first_ip + 1;
+ } else {
+ u8 mask_bits;
+ u32 mask;
+@@ -512,7 +513,8 @@ bitmap_ip_create(struct ip_set *set, str
+ if (elements > IPSET_BITMAP_MAX_RANGE + 1)
+ return -IPSET_ERR_BITMAP_RANGE_SIZE;
+
+- pr_debug("hosts %u, elements %u\n", hosts, elements);
++ pr_debug("hosts %u, elements %llu\n",
++ hosts, (unsigned long long)elements);
+
+ map = kzalloc(sizeof(*map), GFP_KERNEL);
+ if (!map)
+--- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c
++++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
+@@ -552,7 +552,8 @@ static int
+ bitmap_ipmac_create(struct ip_set *set, struct nlattr *tb[],
+ u32 flags)
+ {
+- u32 first_ip, last_ip, elements;
++ u32 first_ip, last_ip;
++ u64 elements;
+ struct bitmap_ipmac *map;
+ int ret;
+
+@@ -583,7 +584,7 @@ bitmap_ipmac_create(struct ip_set *set,
+ } else
+ return -IPSET_ERR_PROTOCOL;
+
+- elements = last_ip - first_ip + 1;
++ elements = (u64)last_ip - first_ip + 1;
+
+ if (elements > IPSET_BITMAP_MAX_RANGE + 1)
+ return -IPSET_ERR_BITMAP_RANGE_SIZE;
+--- a/net/netfilter/ipset/ip_set_hash_ip.c
++++ b/net/netfilter/ipset/ip_set_hash_ip.c
+@@ -177,7 +177,7 @@ hash_ip4_uadt(struct ip_set *set, struct
+ } else if (tb[IPSET_ATTR_CIDR]) {
+ u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
+
+- if (cidr > 32)
++ if (!cidr || cidr > 32)
+ return -IPSET_ERR_INVALID_CIDR;
+ ip_set_mask_from_to(ip, ip_to, cidr);
+ } else
+--- a/net/netfilter/ipset/ip_set_hash_ipport.c
++++ b/net/netfilter/ipset/ip_set_hash_ipport.c
+@@ -216,7 +216,7 @@ hash_ipport4_uadt(struct ip_set *set, st
+ } else if (tb[IPSET_ATTR_CIDR]) {
+ u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
+
+- if (cidr > 32)
++ if (!cidr || cidr > 32)
+ return -IPSET_ERR_INVALID_CIDR;
+ ip_set_mask_from_to(ip, ip_to, cidr);
+ } else
+--- a/net/netfilter/ipset/ip_set_hash_ipportip.c
++++ b/net/netfilter/ipset/ip_set_hash_ipportip.c
+@@ -224,7 +224,7 @@ hash_ipportip4_uadt(struct ip_set *set,
+ } else if (tb[IPSET_ATTR_CIDR]) {
+ u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
+
+- if (cidr > 32)
++ if (!cidr || cidr > 32)
+ return -IPSET_ERR_INVALID_CIDR;
+ ip_set_mask_from_to(ip, ip_to, cidr);
+ } else
+--- a/net/netfilter/ipset/ip_set_hash_ipportnet.c
++++ b/net/netfilter/ipset/ip_set_hash_ipportnet.c
+@@ -255,7 +255,7 @@ hash_ipportnet4_uadt(struct ip_set *set,
+ } else if (tb[IPSET_ATTR_CIDR]) {
+ u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
+
+- if (cidr > 32)
++ if (!cidr || cidr > 32)
+ return -IPSET_ERR_INVALID_CIDR;
+ ip_set_mask_from_to(ip, ip_to, cidr);
+ }
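Review bot: The two `elements = (u64)last_ip - first_ip + 1;` assignments (in bitmap_ip_create and bitmap_ipmac_create) carry the actual fix for set creation, yet nothing at either site says why the cast is there, so a later cleanup could narrow it back to u32. In u32, a range covering the whole address space makes that expression wrap to 0, which then passes the `elements > IPSET_BITMAP_MAX_RANGE + 1` check that follows. I would add above each assignment `/* u64: a full-range last_ip - first_ip + 1 wraps to 0 in u32 and would pass the size check below */`. The `netmask != 32` branch of bitmap_ip_create and the later uses of `elements` lie outside the nested hunks, so it is worth confirming that the value is only narrowed again after the range check has passed. Both functions start and end outside the hunks shown.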
Modified: dists/wheezy/linux/debian/patches/series
==============================================================================
--- dists/wheezy/linux/debian/patches/series Tue Mar 31 03:27:45 2015 (r22464)
+++ dists/wheezy/linux/debian/patches/series Tue Mar 31 03:43:50 2015 (r22465)
@@ -1155,3 +1155,4 @@
features/all/hpsa/0011-hpsa-add-in-P840ar-controller-model-name.patch
bugfix/all/nfsv4-minor-cleanups-for-nfs4_handle_exception-and-n.patch
+bugfix/all/netfilter-ipset-Check-and-reject-crazy-0-input-param.patch