redonkable
/
remarkable-linux
1
0
Fork 0
Code Releases Activity
remarkable-linux/net/bridge/netfilter
History
Florian Westphal 766a7ad663 netfilter: ebtables: reject non-bridge targets 
commit 11ff7288be upstream.

the ebtables evaluation loop expects targets to return
positive values (jumps), or negative values (absolute verdicts).

This is completely different from what xtables does.
In xtables, targets are expected to return the standard netfilter
verdicts, i.e. NF_DROP, NF_ACCEPT, etc.

ebtables will consider these as jumps.

Therefore reject any target found due to unspec fallback.
v2: also reject watchers.  ebtables ignores their return value, so
a target that assumes skb ownership (and returns NF_STOLEN) causes
use-after-free.

The only watchers in the 'ebtables' front-end are log and nflog;
both have AF_BRIDGE specific wrappers on kernel side.

Reported-by: syzbot+2b43f681169a2a0d306a@syzkaller.appspotmail.com
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2018-07-22 14:28:49 +02:00
..
Kconfig netfilter: nf_log: add packet logging for netdev family 2016-11-01 20:50:30 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ebt_802_3.c netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF 2016-07-03 10:55:07 +02:00
ebt_among.c netfilter: bridge: ebt_among: add more missing match size checks 2018-04-08 14:26:29 +02:00
ebt_arp.c netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF 2016-07-03 10:55:07 +02:00
ebt_arpreply.c ebtables: arpreply: Add the standard target sanity check 2017-05-16 10:24:27 +02:00
ebt_dnat.c netfilter: ebt: Use new helper ebt_invalid_target to check target 2017-06-19 19:09:19 +02:00
ebt_ip.c netfilter: ebtables: fix indent on if statements 2017-08-24 18:56:17 +02:00
ebt_ip6.c netfilter: ebtables: fix indent on if statements 2017-08-24 18:56:17 +02:00
ebt_limit.c xtables: extend matches and targets with .usersize 2017-01-09 17:24:55 +01:00
ebt_log.c netfilter: Use pr_cont where appropriate 2017-03-06 18:00:48 +01:00
ebt_mark.c netfilter: ebt: Use new helper ebt_invalid_target to check target 2017-06-19 19:09:19 +02:00
ebt_mark_m.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ebt_nflog.c netfilter: ebt_nflog: fix unexpected truncated packet 2017-06-29 18:47:02 +02:00
ebt_pkttype.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ebt_redirect.c netfilter: ebt: Use new helper ebt_invalid_target to check target 2017-06-19 19:09:19 +02:00
ebt_snat.c netfilter: ebt: Use new helper ebt_invalid_target to check target 2017-06-19 19:09:19 +02:00
ebt_stp.c netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF 2016-07-03 10:55:07 +02:00
ebt_vlan.c netfilter-bridge: use netdev style comments 2015-11-23 17:54:39 +01:00
ebtable_broute.c netfilter: ebtables: fix race condition in frame_filter_net_init() 2017-09-29 13:36:06 +02:00
ebtable_filter.c netfilter: ebtables: fix race condition in frame_filter_net_init() 2017-09-29 13:36:06 +02:00
ebtable_nat.c netfilter: ebtables: fix race condition in frame_filter_net_init() 2017-09-29 13:36:06 +02:00
ebtables.c netfilter: ebtables: reject non-bridge targets 2018-07-22 14:28:49 +02:00
nf_log_bridge.c netfilter: nf_log: do not assume ethernet header in netdev family 2016-12-04 20:45:33 +01:00
nf_tables_bridge.c netfilter: Add the missed return value check of nft_register_chain_type 2016-09-12 19:54:45 +02:00
nft_meta_bridge.c netfilter: Remove exceptional & on function name 2017-04-07 18:24:47 +02:00
nft_reject_bridge.c net: manual clean code which call skb_put_[data:zero] 2017-06-20 13:30:15 -04:00