net/netfilter/xt_RATEEST.c · v5.11-rc4 · Dennis Giaya / linux

Dec 22, 2020

netfilter: xt_RATEEST: reject non-null terminated string from userspace · 6cb56218

Florian Westphal authored Dec 22, 2020



syzbot reports:
detected buffer overflow in strlen
[..]
Call Trace:
 strlen include/linux/string.h:325 [inline]
 strlcpy include/linux/string.h:348 [inline]
 xt_rateest_tg_checkentry+0x2a5/0x6b0 net/netfilter/xt_RATEEST.c:143

strlcpy assumes src is a c-string. Check info->name before its used.

Reported-by:  <syzbot+e86f7c428c8c50db65b4@syzkaller.appspotmail.com>
Fixes: 5859034d ("[NETFILTER]: x_tables: add RATEEST target")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

6cb56218

netfilter: xt_RATEEST: reject non-null terminated string from userspace

Florian Westphal authored Dec 22, 2020



syzbot reports:
detected buffer overflow in strlen
[..]
Call Trace:
 strlen include/linux/string.h:325 [inline]
 strlcpy include/linux/string.h:348 [inline]
 xt_rateest_tg_checkentry+0x2a5/0x6b0 net/netfilter/xt_RATEEST.c:143

strlcpy assumes src is a c-string. Check info->name before its used.

Reported-by:  <syzbot+e86f7c428c8c50db65b4@syzkaller.appspotmail.com>
Fixes: 5859034d ("[NETFILTER]: x_tables: add RATEEST target")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Admin message