[PATCH 4.4 122/230] netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters

From: Greg Kroah-Hartman
Date: Fri Mar 22 2019 - 07:34:12 EST


4.4-stable review patch. If anyone has any objections, please let me know.

------------------

From: Phil Turnbull <phil.turnbull@xxxxxxxxxx>

commit 017b1b6d28c479f1ad9a7a41f775545a3e1cba35 upstream.

nfacct_filter_alloc doesn't validate the NFACCT_FILTER_MASK and
NFACCT_FILTER_VALUE parameters which can trigger a NULL pointer
dereference. CAP_NET_ADMIN is required to trigger the bug.

Signed-off-by: Phil Turnbull <phil.turnbull@xxxxxxxxxx>
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Cc: Zubin Mithra <zsm@xxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
net/netfilter/nfnetlink_acct.c | 3 +++
1 file changed, 3 insertions(+)

--- a/net/netfilter/nfnetlink_acct.c
+++ b/net/netfilter/nfnetlink_acct.c
@@ -243,6 +243,9 @@ nfacct_filter_alloc(const struct nlattr
if (err < 0)
return ERR_PTR(err);

+ if (!tb[NFACCT_FILTER_MASK] || !tb[NFACCT_FILTER_VALUE])
+ return ERR_PTR(-EINVAL);
+
filter = kzalloc(sizeof(struct nfacct_filter), GFP_KERNEL);
if (!filter)
return ERR_PTR(-ENOMEM);
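
Review bot: the added test on tb[NFACCT_FILTER_MASK] and tb[NFACCT_FILTER_VALUE] only establishes that both attributes are present. Whether their payloads have the expected length depends on the policy passed to the parse call above `if (err < 0)`, which this hunk does not show, so confirm that the policy constrains both attributes before they are read. The placement is sound: returning ERR_PTR(-EINVAL) ahead of the kzalloc() means the new error path has nothing to free. A short comment above the check stating that both attributes are mandatory would make the intent clear to later readers, since the commit message is the only place the NULL pointer dereference is mentioned.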