kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   678063aa1425c5fee2dc993e6cd635f549601f8b
  2.   patches.suse
  3.   netfilter-nf_tables-disallow-binding-to-already-boun.patch
Blob Blame History Raw 
From e02f0d3970404bfea385b6edb86f2d936db0ea2b Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 22 Aug 2022 11:06:39 +0200
Subject: [PATCH] netfilter: nf_tables: disallow binding to already bound chain
Patch-mainline: v6.0-rc3
Git-commit: e02f0d3970404bfea385b6edb86f2d936db0ea2b
References: CVE-2022-39190 bsc#1203117

Update nft_data_init() to report EINVAL if chain is already bound.

Fixes: d0e2c7de92c7 ("netfilter: nf_tables: add NFT_CHAIN_BINDING")
Reported-by: Gwangun Jung <exsociety@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Denis Kirjanov <dkirjanov@suse.de>
---
 net/netfilter/nf_tables_api.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 72c066a33416..2ee50e23c9b7 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -9407,6 +9407,8 @@ static int nft_verdict_init(const struct
 			return PTR_ERR(chain);
 		if (nft_is_base_chain(chain))
 			return -EOPNOTSUPP;
+		if (nft_chain_is_bound(chain))
+			return -EINVAL;
 
 		chain->use++;
 		data->verdict.chain = chain;
-- 
2.16.4
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.