summaryrefslogtreecommitdiff
path: root/net/netfilter/xt_limit.c
diff options
context:
space:
mode:
authorDmitry Vyukov <dvyukov@google.com>2018-01-29 13:21:20 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2018-01-31 14:59:24 +0100
commit1e98ffea5a8935ec040ab72299e349cb44b8defd (patch)
tree512f7e462d332f478c0e3459ca1794abc0c32a9d /net/netfilter/xt_limit.c
parent0b8d9073539e217f79ec1bff65eb205ac796723d (diff)
netfilter: x_tables: fix pointer leaks to userspace
Several netfilter matches and targets put kernel pointers into info objects, but don't set usersize in descriptors. This leads to kernel pointer leaks if a match/target is set and then read back to userspace. Properly set usersize for these matches/targets. Found with manual code inspection. Fixes: ec2318904965 ("xtables: extend matches and targets with .usersize") Signed-off-by: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/xt_limit.c')
-rw-r--r--net/netfilter/xt_limit.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/net/netfilter/xt_limit.c b/net/netfilter/xt_limit.c
index d27b5f1ea619..61403b77361c 100644
--- a/net/netfilter/xt_limit.c
+++ b/net/netfilter/xt_limit.c
@@ -193,9 +193,8 @@ static struct xt_match limit_mt_reg __read_mostly = {
.compatsize = sizeof(struct compat_xt_rateinfo),
.compat_from_user = limit_mt_compat_from_user,
.compat_to_user = limit_mt_compat_to_user,
-#else
- .usersize = offsetof(struct xt_rateinfo, prev),
#endif
+ .usersize = offsetof(struct xt_rateinfo, prev),
.me = THIS_MODULE,
};