/[packages]/backports/8/kernel/current/SOURCES/netfilter-nft_payload-do-not-truncate-csum_offset-an.patch
ViewVC logotype

Contents of /backports/8/kernel/current/SOURCES/netfilter-nft_payload-do-not-truncate-csum_offset-an.patch

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1881590 - (show annotations) (download)
Mon Aug 29 03:49:40 2022 UTC (19 months, 3 weeks ago) by tmb
File size: 2367 byte(s) 
- add current -stable queue
- io_uring: fix issue with io_write() not always undoing sb_start_write()
- HID: input: fix uclogic tablets
1 From 12394e1b36151809f15c2ee835233dfe252e8fb1 Mon Sep 17 00:00:00 2001
2 From: Sasha Levin <sashal@kernel.org>
3 Date: Sun, 21 Aug 2022 11:55:19 +0200
4 Subject: netfilter: nft_payload: do not truncate csum_offset and csum_type
5
6 From: Pablo Neira Ayuso <pablo@netfilter.org>
7
8 [ Upstream commit 7044ab281febae9e2fa9b0b247693d6026166293 ]
9
10 Instead report ERANGE if csum_offset is too long, and EOPNOTSUPP if type
11 is not support.
12
13 Fixes: 7ec3f7b47b8d ("netfilter: nft_payload: add packet mangling support")
14 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
15 Signed-off-by: Sasha Levin <sashal@kernel.org>
16 ---
17 net/netfilter/nft_payload.c | 19 +++++++++++++------
18 1 file changed, 13 insertions(+), 6 deletions(-)
19
20 diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c
21 index 4fee67abfe2c5..eb0e40c297121 100644
22 --- a/net/netfilter/nft_payload.c
23 +++ b/net/netfilter/nft_payload.c
24 @@ -740,17 +740,23 @@ static int nft_payload_set_init(const struct nft_ctx *ctx,
25 const struct nlattr * const tb[])
26 {
27 struct nft_payload_set *priv = nft_expr_priv(expr);
28 + u32 csum_offset, csum_type = NFT_PAYLOAD_CSUM_NONE;
29 + int err;
30
31 priv->base = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_BASE]));
32 priv->offset = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_OFFSET]));
33 priv->len = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_LEN]));
34
35 if (tb[NFTA_PAYLOAD_CSUM_TYPE])
36 - priv->csum_type =
37 - ntohl(nla_get_be32(tb[NFTA_PAYLOAD_CSUM_TYPE]));
38 - if (tb[NFTA_PAYLOAD_CSUM_OFFSET])
39 - priv->csum_offset =
40 - ntohl(nla_get_be32(tb[NFTA_PAYLOAD_CSUM_OFFSET]));
41 + csum_type = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_CSUM_TYPE]));
42 + if (tb[NFTA_PAYLOAD_CSUM_OFFSET]) {
43 + err = nft_parse_u32_check(tb[NFTA_PAYLOAD_CSUM_OFFSET], U8_MAX,
44 + &csum_offset);
45 + if (err < 0)
46 + return err;
47 +
48 + priv->csum_offset = csum_offset;
49 + }
50 if (tb[NFTA_PAYLOAD_CSUM_FLAGS]) {
51 u32 flags;
52
53 @@ -761,7 +767,7 @@ static int nft_payload_set_init(const struct nft_ctx *ctx,
54 priv->csum_flags = flags;
55 }
56
57 - switch (priv->csum_type) {
58 + switch (csum_type) {
59 case NFT_PAYLOAD_CSUM_NONE:
60 case NFT_PAYLOAD_CSUM_INET:
61 break;
62 @@ -775,6 +781,7 @@ static int nft_payload_set_init(const struct nft_ctx *ctx,
63 default:
64 return -EOPNOTSUPP;
65 }
66 + priv->csum_type = csum_type;
67
68 return nft_parse_register_load(tb[NFTA_PAYLOAD_SREG], &priv->sreg,
69 priv->len);
70 --
71 2.35.1
72
  ViewVC Help
Powered by ViewVC 1.1.30