remarkable-linux/net/bridge
Florian Westphal 766a7ad663 netfilter: ebtables: reject non-bridge targets
commit 11ff7288be upstream.

The ebtables evaluation loop expects targets to return
positive values (jumps), or negative values (absolute verdicts).

This is completely different from what xtables does.
In xtables, targets are expected to return the standard netfilter
verdicts, i.e. NF_DROP, NF_ACCEPT, etc.

ebtables will consider these as jumps.

Therefore reject any target found due to unspec fallback.
v2: also reject watchers. ebtables ignores their return value, so
a target that assumes skb ownership (and returns NF_STOLEN) causes
a use-after-free.

The only watchers in the 'ebtables' front-end are log and nflog;
both have AF_BRIDGE specific wrappers on kernel side.

Reported-by: syzbot+2b43f681169a2a0d306a@syzkaller.appspotmail.com
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-07-22 14:28:49 +02:00
netfilter netfilter: ebtables: reject non-bridge targets 2018-07-22 14:28:49 +02:00
Kconfig bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
br.c net: bridge: Receive notification about successful FDB offload 2017-06-08 14:16:25 -04:00
br_device.c bridge: switchdev: Use an helper to clear forward mark 2017-09-05 11:51:47 -07:00
br_fdb.c bridge: add tracepoint in br_fdb_update 2017-08-31 11:42:41 -07:00
br_forward.c bridge: add per-port broadcast flood flag 2017-04-27 16:34:29 -04:00
br_if.c bridge: check iface upper dev when setting master via ioctl 2018-05-19 10:20:23 +02:00
br_input.c net: bridge: fix dest lookup when vlan proto doesn't match 2017-07-14 08:19:23 -07:00
br_ioctl.c bridge: move to workqueue gc 2017-02-06 22:53:13 -05:00
br_mdb.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
br_multicast.c bridge: Export multicast enabled state 2017-05-26 15:18:44 -04:00
br_netfilter_hooks.c netfilter: convert hook list to an array 2017-08-28 17:44:00 +02:00
br_netfilter_ipv6.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
br_netlink.c net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks 2018-01-02 20:31:09 +01:00
br_netlink_tunnel.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
br_nf_core.c net: Remove protocol from struct dst_ops 2015-03-09 16:06:10 -04:00
br_private.h bridge: switchdev: Use an helper to clear forward mark 2017-09-05 11:51:47 -07:00
br_private_stp.h net: bridge: add helper to set topology change 2016-12-10 21:27:23 -05:00
br_private_tunnel.h bridge: vlan dst_metadata hooks in ingress and egress paths 2017-02-03 15:21:22 -05:00
br_stp.c bridge: move to workqueue gc 2017-02-06 22:53:13 -05:00
br_stp_bpdu.c net: introduce __skb_put_[zero, data, u8] 2017-06-20 13:30:14 -04:00
br_stp_if.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-06-06 22:20:08 -04:00
br_stp_timer.c bridge: start hello_timer when enabling KERNEL_STP in br_stp_start 2017-05-21 13:33:28 -04:00
br_switchdev.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
br_sysfs_br.c net: bridge: constify attribute_group structures. 2017-06-29 15:48:52 -04:00
br_sysfs_if.c bridge: check brport attr show in brport_show 2018-03-08 22:41:07 -08:00
br_vlan.c bridge: Fix VLAN reference count problem 2018-03-08 22:41:15 -08:00
br_vlan_tunnel.c bridge: vlan_tunnel: explicitly reset metadata attrs to NULL on failure 2017-02-17 13:33:41 -05:00