Commit 017b1b6d28c479f1ad9a7a41f775545a3e1cba35
Committed by
Pablo Neira Ayuso
1 parent
472681d57a
netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters
nfacct_filter_alloc doesn't validate the NFACCT_FILTER_MASK and NFACCT_FILTER_VALUE parameters which can trigger a NULL pointer dereference. CAP_NET_ADMIN is required to trigger the bug. Signed-off-by: Phil Turnbull <phil.turnbull@oracle.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Showing 1 changed file with 3 additions and 0 deletions Side-by-side Diff
net/netfilter/nfnetlink_acct.c
... | ... | @@ -242,6 +242,9 @@ |
242 | 242 | if (err < 0) |
243 | 243 | return ERR_PTR(err); |
244 | 244 | |
245 | + if (!tb[NFACCT_FILTER_MASK] || !tb[NFACCT_FILTER_VALUE]) | |
246 | + return ERR_PTR(-EINVAL); | |
247 | + | |
245 | 248 | filter = kzalloc(sizeof(struct nfacct_filter), GFP_KERNEL); |
246 | 249 | if (!filter) |
247 | 250 | return ERR_PTR(-ENOMEM); |