android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
cf5a69e355
android_kernel_xiaomi_sm8450/include
History
Dan Carpenter 9a865a11d6 netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() 
commit c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63 upstream.

The problem is in nft_byteorder_eval() where we are iterating through a
loop and writing to dst[0], dst[1], dst[2] and so on...  On each
iteration we are writing 8 bytes.  But dst[] is an array of u32 so each
element only has space for 4 bytes.  That means that every iteration
overwrites part of the previous element.

I spotted this bug while reviewing commit caf3ef7468f7 ("netfilter:
nf_tables: prevent OOB access in nft_byteorder_eval") which is a related
issue.  I think that the reason we have not detected this bug in testing
is that most of time we only write one element.

Fixes: ce1e7989d9 ("netfilter: nft_byteorder: provide 64bit le/be conversion")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
[Ajay: Modified to apply on v5.10.y]
Signed-off-by: Ajay Kaher <ajay.kaher@broadcom.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-02-23 08:42:32 +01:00
..
acpi ACPI: APEI: explicit init of HEST and GHES in apci_init() 2023-09-19 12:20:28 +02:00
asm-generic asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation 2023-12-20 15:44:35 +01:00
clocksource clocksource/drivers/timer-ti-dm: Save and restore timer TIOCP_CFG 2021-07-14 16:56:12 +02:00
crypto crypto: af_alg - Disallow multiple in-flight AIO requests 2024-01-25 14:37:42 -08:00
drm drm: using mul_u32_u32() requires linux/math64.h 2024-02-23 08:42:15 +01:00
dt-bindings dt-bindings: clock: Update the videocc resets for sm8150 2024-01-25 14:37:48 -08:00
keys certs: Add EFI_CERT_X509_GUID support for dbx entries 2021-06-30 08:47:30 -04:00
kunit kunit: fix display of failed expectations for strings 2020-11-10 13:45:15 -07:00
kvm ARM: 2020-10-23 11:17:56 -07:00
linux PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() 2024-02-23 08:42:32 +01:00
math-emu
media media: v4l2-mem2mem: add lock to protect parameter num_rdy 2023-08-26 15:26:44 +02:00
memory memory: renesas-rpc-if: Fix HF/OSPI data transfer in Manual Mode 2022-05-09 09:05:02 +02:00
misc
net netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() 2024-02-23 08:42:32 +01:00
pcmcia
ras mm,hwpoison: introduce MF_MSG_UNSPLIT_THP 2020-10-16 11:11:17 -07:00
rdma RDMA/cma: Always set static rate to 0 for RoCE 2023-06-21 15:45:39 +02:00
scsi scsi: core: Introduce enum scsi_disposition 2024-02-23 08:42:15 +01:00
soc firmware: raspberrypi: Introduce devm_rpi_firmware_get() 2023-05-17 11:48:02 +02:00
sound ASoC: soc-card: Add storage for PCI SSID 2023-11-28 16:54:51 +00:00
target scsi: target: Fix multiple LUN_RESET handling 2023-05-17 11:47:48 +02:00
trace neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section 2023-10-25 11:54:20 +02:00
uapi netfilter: nft_compat: reject unused compat flag 2024-02-23 08:42:20 +01:00
vdso
video video: of_display_timing.h: include errno.h 2022-07-12 16:32:19 +02:00
xen ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 2023-05-17 11:47:42 +02:00