diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-09-07 11:26:18 +0300 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-09-28 12:04:05 +0300 |
commit | 721ea8ac063d70c2078c4e762212705de6151764 (patch) | |
tree | 424d91ab7d5281a3579bb9c084b453e4328b9a59 | |
parent | d0a24bc8e2aa703030d80affa3e5237fe3ad4dd2 (diff) | |
download | linux-721ea8ac063d70c2078c4e762212705de6151764.tar.xz |
netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
[ Upstream commit 559c36c5a8d730c49ef805a72b213d3bba155cc8 ]
nf_osf_find() incorrectly returns true on mismatch, this leads to
copying uninitialized memory area in nft_osf which can be used to leak
stale kernel stack data to userspace.
Fixes: 22c7652cdaa8 ("netfilter: nft_osf: Add version option support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-rw-r--r-- | net/netfilter/nfnetlink_osf.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/netfilter/nfnetlink_osf.c b/net/netfilter/nfnetlink_osf.c index 79fbf37291f3..51e3953b414c 100644 --- a/net/netfilter/nfnetlink_osf.c +++ b/net/netfilter/nfnetlink_osf.c @@ -269,6 +269,7 @@ bool nf_osf_find(const struct sk_buff *skb, struct nf_osf_hdr_ctx ctx; const struct tcphdr *tcp; struct tcphdr _tcph; + bool found = false; memset(&ctx, 0, sizeof(ctx)); @@ -283,10 +284,11 @@ bool nf_osf_find(const struct sk_buff *skb, data->genre = f->genre; data->version = f->version; + found = true; break; } - return true; + return found; } EXPORT_SYMBOL_GPL(nf_osf_find); |