[NETFILTER]: xt_hashlimit/xt_string: missing string validation
The hashlimit table name and the textsearch algorithm need to be terminated, the textsearch pattern length must not exceed the maximum size. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Patrick McHardy
committed by
David S. Miller
David S. Miller
parent
b10866fd7d
commit
3ab720881b
@@ -508,6 +508,9 @@ hashlimit_checkentry(const char *tablename,
|
|||||||
if (!r->cfg.expire)
|
if (!r->cfg.expire)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
if (r->name[sizeof(r->name) - 1] != '\0')
|
||||||
|
return 0;
|
||||||
|
|
||||||
/* This is the best we've got: We cannot release and re-grab lock,
|
/* This is the best we've got: We cannot release and re-grab lock,
|
||||||
* since checkentry() is called before ip_tables.c grabs ipt_mutex.
|
* since checkentry() is called before ip_tables.c grabs ipt_mutex.
|
||||||
* We also cannot grab the hashtable spinlock, since htable_create will
|
* We also cannot grab the hashtable spinlock, since htable_create will
|
||||||
|
|||||||
@@ -55,7 +55,10 @@ static int checkentry(const char *tablename,
|
|||||||
/* Damn, can't handle this case properly with iptables... */
|
/* Damn, can't handle this case properly with iptables... */
|
||||||
if (conf->from_offset > conf->to_offset)
|
if (conf->from_offset > conf->to_offset)
|
||||||
return 0;
|
return 0;
|
||||||
|
if (conf->algo[XT_STRING_MAX_ALGO_NAME_SIZE - 1] != '\0')
|
||||||
|
return 0;
|
||||||
|
if (conf->patlen > XT_STRING_MAX_PATTERN_SIZE)
|
||||||
|
return 0;
|
||||||
ts_conf = textsearch_prepare(conf->algo, conf->pattern, conf->patlen,
|
ts_conf = textsearch_prepare(conf->algo, conf->pattern, conf->patlen,
|
||||||
GFP_KERNEL, TS_AUTOLOAD);
|
GFP_KERNEL, TS_AUTOLOAD);
|
||||||
if (IS_ERR(ts_conf))
|
if (IS_ERR(ts_conf))
|
||||||
|
|||||||
Reference in New Issue
Block a user