netfilter: bridge: check len before accessing more nh data - kernel/linux.git

diff options

author	Xin Long <lucien.xin@gmail.com>	2023-03-08 00:31:28 +0300
committer	Florian Westphal <fw@strlen.de>	2023-03-08 16:25:39 +0300
commit	a7f1a2f43e683c8ffca691d45f2cb32c052158fa (patch)
tree	f570b8a9651b8b56a17c8e1ad2cf0a15f703efb7 /lib/uuid.c
parent	9ccff83b1322f95da7a74784cf6f47a481e03dc5 (diff)
download	linux-a7f1a2f43e683c8ffca691d45f2cb32c052158fa.tar.xz

netfilter: bridge: check len before accessing more nh data

In the while loop of br_nf_check_hbh_len(), similar to ip6_parse_tlv(), before accessing 'nh[off + 1]', it should add a check 'len < 2'; and before parsing IPV6_TLV_JUMBO, it should add a check 'optlen > len', in case of overflows. Signed-off-by: Xin Long <lucien.xin@gmail.com> Reviewed-by: Simon Horman <simon.horman@corigine.com> Acked-by: Nikolay Aleksandrov <razor@blackwall.org> Reviewed-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Florian Westphal <fw@strlen.de>

Diffstat (limited to 'lib/uuid.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: