diff options
author | Eric Dumazet <edumazet@google.com> | 2017-10-05 02:50:07 -0700 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2018-09-19 22:47:16 +0200 |
commit | 3ea051bcf2cd0860c97c7133e1a20923be7529fb (patch) | |
tree | 2d57edb7ecaebe3ed34f66499ccb9346a057a6a6 /net/netfilter/nf_conntrack_labels.c | |
parent | 2679c2231bc3fb260f74e1faf7d6810427b1fc6e (diff) |
netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user
commit e466af75c074e76107ae1cd5a2823e9c61894ffb upstream.
syzkaller reports an out of bound read in strlcpy(), triggered
by xt_copy_counters_from_user()
Fix this by using memcpy(), then forcing a zero byte at the last position
of the destination, as Florian did for the non COMPAT code.
Fixes: d7591f0c41ce ("netfilter: x_tables: introduce and use xt_copy_counters_from_user")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Greg Hackmann <ghackmann@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net/netfilter/nf_conntrack_labels.c')
0 files changed, 0 insertions, 0 deletions