| From foo@baz Sun May 27 17:33:38 CEST 2018 |
| From: Florian Westphal <fw@strlen.de> |
| Date: Thu, 8 Mar 2018 12:54:19 +0100 |
| Subject: netfilter: ebtables: fix erroneous reject of last rule |
| |
| From: Florian Westphal <fw@strlen.de> |
| |
| [ Upstream commit 932909d9b28d27e807ff8eecb68c7748f6701628 ] |
| |
| The last rule in the blob has next_entry offset that is same as total size. |
| This made "ebtables32 -A OUTPUT -d de:ad:be:ef:01:02" fail on 64 bit kernel. |
| |
| Fixes: b71812168571fa ("netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets") |
| Signed-off-by: Florian Westphal <fw@strlen.de> |
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
| Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/bridge/netfilter/ebtables.c | 6 +++++- |
| 1 file changed, 5 insertions(+), 1 deletion(-) |
| |
| --- a/net/bridge/netfilter/ebtables.c |
| +++ b/net/bridge/netfilter/ebtables.c |
| @@ -2097,8 +2097,12 @@ static int size_entry_mwt(struct ebt_ent |
| * offsets are relative to beginning of struct ebt_entry (i.e., 0). |
| */ |
| for (i = 0; i < 4 ; ++i) { |
| - if (offsets[i] >= *total) |
| + if (offsets[i] > *total) |
| return -EINVAL; |
| + |
| + if (i < 3 && offsets[i] == *total) |
| + return -EINVAL; |
| + |
| if (i == 0) |
| continue; |
| if (offsets[i-1] > offsets[i]) |