[Kernel] Re: [PATCH OpenHarmony-4.19 16/17] netfilter: x_tables: fix compat match/target pad out-of-bound write

在 2021/7/31 11:14, Yu Changchun 写道:

From: Florian Westphal

stable inclusion from linux-4.19.188 commit 12ec80252edefff00809d473a47e5f89c7485499 category: bugfix issue: #I42HLL CVE: CVE-2021-22555

--------------------------------

commit b29c457a6511435960115c0f548c4360d5f4801d upstream.

xt_compat_match/target_from_user doesn't check that zeroing the area to start of next rule won't write past end of allocated ruleset blob.

Remove this code and zero the entire blob beforehand.

Reported-by: syzbot+cfc0247ac173f597aaaa@syzkaller.appspotmail.com Reported-by: Andy Nguyen Fixes: 9fa492cdc160c ("[NETFILTER]: x_tables: simplify compat API") Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso Signed-off-by: Greg Kroah-Hartman Signed-off-by: Yang Yingliang Signed-off-by: Yu Changchun --- net/ipv4/netfilter/arp_tables.c | 2 ++ net/ipv4/netfilter/ip_tables.c | 2 ++ net/ipv6/netfilter/ip6_tables.c | 2 ++ net/netfilter/x_tables.c | 10 ++-------- 4 files changed, 8 insertions(+), 8 deletions(-)

Looks good to me