Commit eda3fc50daa93b08774a18d51883c5a5d8d85e15

Authored by Phil Turnbull
Committed by Pablo Neira Ayuso
1 parent cec5913c15

netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter

If a quota bit is set in NFACCT_FLAGS but the NFACCT_QUOTA parameter is
missing then a NULL pointer dereference is triggered. CAP_NET_ADMIN is
required to trigger the bug.

Signed-off-by: Phil Turnbull <phil.turnbull@oracle.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Showing 1 changed file with 2 additions and 0 deletions

net/netfilter/nfnetlink_acct.c
... ... @@ -96,6 +96,8 @@
96 96 return -EINVAL;
97 97 if (flags & NFACCT_F_OVERQUOTA)
98 98 return -EINVAL;
  99 + if ((flags & NFACCT_F_QUOTA) && !tb[NFACCT_QUOTA])
  100 + return -EINVAL;
99 101  
100 102 size += sizeof(u64);
101 103 }
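
Review bot: The new check at lines 99-100 carries no comment, and the commit message has no Fixes: tag, so the patch alone does not show which later read of tb[NFACCT_QUOTA] it guards or which kernels need the backport. Suggest a one-line comment above `if ((flags & NFACCT_F_QUOTA) && !tb[NFACCT_QUOTA])` stating that the quota attribute is mandatory whenever a quota flag is set, plus a Fixes: line naming the commit that introduced the quota flags. The placement itself looks right: the -EINVAL return sits next to the existing NFACCT_F_OVERQUOTA rejection and comes before `size += sizeof(u64);`, so a malformed request is refused before size is grown.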