netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user - kernel/linux.git

diff options

author	Eric Dumazet <edumazet@google.com>	2017-10-05 12:50:07 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2018-09-26 09:33:55 +0300
commit	a4508e0383daf5a97aa8c0bbcbfc3914d6948010 (patch)
tree	77b435f59af96dfa32a5159127f1e4ce524ea294 /mm
parent	449fab4df70f6d43f64f8bd2afafdf9c62c4bbc2 (diff)
download	linux-a4508e0383daf5a97aa8c0bbcbfc3914d6948010.tar.xz

netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user

commit e466af75c074e76107ae1cd5a2823e9c61894ffb upstream. syzkaller reports an out of bound read in strlcpy(), triggered by xt_copy_counters_from_user() Fix this by using memcpy(), then forcing a zero byte at the last position of the destination, as Florian did for the non COMPAT code. Fixes: d7591f0c41ce ("netfilter: x_tables: introduce and use xt_copy_counters_from_user") Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Willem de Bruijn <willemb@google.com> Acked-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Cc: Greg Hackmann <ghackmann@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'mm')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: