summaryrefslogtreecommitdiff
path: root/block/blk-softirq.c
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2016-06-01 02:04:44 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2016-06-02 14:09:33 +0200
commit7b7eba0f3515fca3296b8881d583f7c1042f5226 (patch)
treef40d9356a7e4e27fe84b4edec024327e3a16e367 /block/blk-softirq.c
parent14b84e8654c89ed59f433654e6bb64c886d095cd (diff)
netfilter: x_tables: don't reject valid target size on some architectures
Quoting John Stultz: In updating a 32bit arm device from 4.6 to Linus' current HEAD, I noticed I was having some trouble with networking, and realized that /proc/net/ip_tables_names was suddenly empty. Digging through the registration process, it seems we're catching on the: if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0 && target_offset + sizeof(struct xt_standard_target) != next_offset) return -EINVAL; Where next_offset seems to be 4 bytes larger then the offset + standard_target struct size. next_offset needs to be aligned via XT_ALIGN (so we can access all members of ip(6)t_entry struct). This problem didn't show up on i686 as it only needs 4-byte alignment for u64, but iptables userspace on other 32bit arches does insert extra padding. Reported-by: John Stultz <john.stultz@linaro.org> Tested-by: John Stultz <john.stultz@linaro.org> Fixes: 7ed2abddd20cf ("netfilter: x_tables: check standard target size too") Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'block/blk-softirq.c')
0 files changed, 0 insertions, 0 deletions