[PATCH 00/19][wily, xenial, yakkety] Misc netfilter fixes (including CVE-2016-3134)

Luis Henriques luis.henriques at canonical.com
Thu Jun 23 18:32:13 UTC 2016


BugLink: https://bugs.launchpad.net/bugs/1595350
BugLink: https://bugs.launchpad.net/bugs/1555338

Following this email I am sending several netfilter fixes, including the fix for
CVE-2016-3134.  Most of these patches are clean cherry-picks; only one of the
patches required minor context adjustment.

Florian Westphal (19):
  netfilter: x_tables: validate e->target_offset early
  netfilter: x_tables: make sure e->next_offset covers remaining blob
    size
  netfilter: x_tables: fix unconditional helper
  netfilter: x_tables: don't move to non-existent next rule
  netfilter: x_tables: validate targets of jumps
  netfilter: x_tables: add and use xt_check_entry_offsets
  netfilter: x_tables: kill check_entry helper
  netfilter: x_tables: assert minimum target size
  netfilter: x_tables: add compat version of xt_check_entry_offsets
  netfilter: x_tables: check standard target size too
  netfilter: x_tables: check for bogus target offset
  netfilter: x_tables: validate all offsets and sizes in a rule
  netfilter: x_tables: don't reject valid target size on some
    architectures
  netfilter: arp_tables: simplify translate_compat_table args
  netfilter: ip_tables: simplify translate_compat_table args
  netfilter: ip6_tables: simplify translate_compat_table args
  netfilter: x_tables: xt_compat_match_from_user doesn't need a retval
  netfilter: x_tables: do compat validation via translate_table
  netfilter: x_tables: introduce and use xt_copy_counters_from_user

 include/linux/netfilter/x_tables.h |  12 +-
 net/ipv4/netfilter/arp_tables.c    | 322 +++++++++++----------------------
 net/ipv4/netfilter/ip_tables.c     | 354 +++++++++++--------------------------
 net/ipv6/netfilter/ip6_tables.c    | 348 ++++++++++--------------------------
 net/netfilter/x_tables.c           | 245 ++++++++++++++++++++++++-
 5 files changed, 562 insertions(+), 719 deletions(-)
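The patch titles above name the checks this series adds when a rule blob from userspace is parsed: target_offset is validated early and must point past the fixed entry header, next_offset must cover no more than the remaining blob, the target has a minimum size and must end inside its rule, and the walk must never step to a non-existent next rule. The following C is an added example, not code from this series or from the kernel, that applies those checks in that order to a simplified rule blob. struct rule_hdr, struct target_hdr, check_rule, count_valid_rules, put_rule and the demo_* functions are illustrative; they mirror only the shape of the x_tables entry and target headers, not their exact layout, and the sample blobs are constructed inside the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative rule layout, not the kernel's struct ipt_entry/xt_entry_target:
 * fixed header, variable-length match data, then a target whose own header
 * carries its size. Offsets are relative to the start of the rule. */
struct rule_hdr {
    uint16_t target_offset;  /* where the target header begins */
    uint16_t next_offset;    /* total size of this rule == offset of the next */
};

struct target_hdr {
    uint16_t target_size;    /* size of the target, header included */
    uint16_t verdict;        /* payload; stands in for a standard target's verdict */
};

/* Check the rule at blob+pos. Every offset is bounded before anything it
 * points at is read. Returns 0 when well-formed, -1 otherwise. */
static int check_rule(const uint8_t *blob, size_t len, size_t pos)
{
    struct rule_hdr e;
    struct target_hdr t;
    size_t remaining = len - pos;

    if (remaining < sizeof e)                    /* header must fit in the blob */
        return -1;
    memcpy(&e, blob + pos, sizeof e);

    if (e.target_offset < sizeof e)              /* target must not start inside the header */
        return -1;
    if ((size_t)e.target_offset + sizeof t > e.next_offset) /* target header inside the rule */
        return -1;
    if (e.next_offset > remaining)               /* rule must not run past the blob */
        return -1;

    memcpy(&t, blob + pos + e.target_offset, sizeof t); /* only now safe to read */
    if (t.target_size < sizeof t)                /* minimum target size */
        return -1;
    if ((size_t)e.target_offset + t.target_size > e.next_offset) /* target ends inside the rule */
        return -1;
    return 0;
}

/* Walk all rules; returns their count, or -1 at the first malformed one.
 * Because next_offset is bounded by the remaining blob and is at least the
 * header plus a target header, the walk ends exactly at len and cannot loop
 * or step to a rule that does not exist. */
int count_valid_rules(const uint8_t *blob, size_t len)
{
    size_t pos = 0;
    int n = 0;

    while (pos < len) {
        struct rule_hdr e;
        if (check_rule(blob, len, pos) < 0)
            return -1;
        memcpy(&e, blob + pos, sizeof e);
        pos += e.next_offset;
        n++;
    }
    return n;
}

/* Constructed sample input: write one well-formed rule with match_len bytes
 * of match filler into out and return its size. */
static size_t put_rule(uint8_t *out, uint16_t match_len)
{
    struct rule_hdr e = { (uint16_t)(sizeof(struct rule_hdr) + match_len), 0 };
    struct target_hdr t = { sizeof(struct target_hdr), 1 };

    e.next_offset = (uint16_t)(e.target_offset + sizeof t);
    memcpy(out, &e, sizeof e);
    memset(out + sizeof e, 0, match_len);
    memcpy(out + e.target_offset, &t, sizeof t);
    return e.next_offset;
}

/* Two well-formed rules (sizes 16 and 8): expect 2. */
int demo_well_formed(void)
{
    uint8_t blob[64];
    size_t len = put_rule(blob, 8);
    len += put_rule(blob + len, 0);
    return count_valid_rules(blob, len);
}

/* Same blob, but one field of the first rule overwritten before checking.
 * field 0 = target_offset, 1 = next_offset, 2 = target_size. */
int demo_corrupt(int field, uint16_t value)
{
    uint8_t blob[64];
    struct rule_hdr e;
    size_t len = put_rule(blob, 8);
    len += put_rule(blob + len, 0);
    memcpy(&e, blob, sizeof e);
    if (field == 0) e.target_offset = value;
    if (field == 1) e.next_offset = value;
    memcpy(blob, &e, sizeof e);
    if (field == 2) memcpy(blob + e.target_offset, &value, sizeof value);
    return count_valid_rules(blob, len);
}

int main(void)
{
    printf("well-formed blob:            %d\n", demo_well_formed());
    printf("target_offset past rule end: %d\n", demo_corrupt(0, 60));
    printf("next_offset past blob end:   %d\n", demo_corrupt(1, 100));
    printf("next_offset of zero:         %d\n", demo_corrupt(1, 0));
    printf("target_size past rule end:   %d\n", demo_corrupt(2, 40));
    return 0;
}
```

The order of the checks matters: the target header is only read after its offset has been shown to lie inside the rule, and the rule is only accepted after next_offset has been shown to lie inside the remaining blob, so a zero or oversized next_offset is rejected before the walk can spin or read past the buffer.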
