linux-brain/net/bridge
Florian Westphal 064d9e9744 netfilter: ebtables: reject non-bridge targets
commit 11ff7288be upstream.

The ebtables evaluation loop expects targets to return
positive values (jumps), or negative values (absolute verdicts).

This is completely different from what xtables does.
In xtables, targets are expected to return the standard netfilter
verdicts, i.e. NF_DROP, NF_ACCEPT, etc.

ebtables will consider these as jumps.

Therefore reject any target found due to unspec fallback.
v2: also reject watchers.  ebtables ignores their return value, so
a target that assumes skb ownership (and returns NF_STOLEN) causes
use-after-free.

The only watchers in the 'ebtables' front-end are log and nflog;
both have AF_BRIDGE specific wrappers on kernel side.

Reported-by: syzbot+2b43f681169a2a0d306a@syzkaller.appspotmail.com
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-07-22 14:27:39 +02:00
netfilter netfilter: ebtables: reject non-bridge targets 2018-07-22 14:27:39 +02:00
br_device.c bridge: switchdev: Clear forward mark when transmitting packet 2017-09-20 08:19:55 +02:00
br_fdb.c rtnetlink: fdb dump: optimize by saving last interface markers 2016-09-01 16:56:15 -07:00
br_forward.c net: bridge: allow IPv6 when multicast flood is disabled 2017-03-22 12:43:32 +01:00
br_if.c bridge: check iface upper dev when setting master via ioctl 2018-05-19 10:26:57 +02:00
br_input.c bridge: drop netfilter fake rtable unconditionally 2017-03-22 12:43:34 +01:00
br_ioctl.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-05-09 15:59:24 -04:00
br_mdb.c bridge: mdb: fix leak on complete_info ptr on fail path 2017-07-21 07:42:17 +02:00
br_multicast.c bridge: multicast: restore perm router ports on multicast enable 2016-10-18 13:52:13 -04:00
br_netfilter_hooks.c netfilter: bridge: honor frag_max_size when refragmenting 2017-12-20 10:07:20 +01:00
br_netfilter_ipv6.c netfilter: bridge: add and use br_nf_hook_thresh 2016-09-24 21:25:48 +02:00
br_netlink.c net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks 2018-01-02 20:35:12 +01:00
br_nf_core.c net: Remove protocol from struct dst_ops 2015-03-09 16:06:10 -04:00
br_private_stp.h net: 8021q/bluetooth/bridge/can/ceph: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
br_private.h net: bridge: change unicast boolean to exact pkt_type 2016-09-01 22:48:33 -07:00
br_stp_bpdu.c netfilter: Pass net into okfn 2015-09-17 17:18:37 -07:00
br_stp_if.c net: bridge: start hello timer only if device is up 2017-06-14 15:05:52 +02:00
br_stp_timer.c bridge: start hello_timer when enabling KERNEL_STP in br_stp_start 2017-06-07 12:07:44 +02:00
br_stp.c net: bridge: br_set_ageing_time takes a clock_t 2016-07-25 10:30:03 -07:00
br_switchdev.c bridge: switchdev: Add forward mark support for stacked devices 2016-08-26 13:13:36 -07:00
br_sysfs_br.c net: bridge: set error code on failure 2016-12-05 13:26:22 -05:00
br_sysfs_if.c bridge: check brport attr show in brport_show 2018-03-11 16:21:31 +01:00
br_vlan.c bridge: netlink: export per-vlan stats 2016-05-02 22:27:06 -04:00
br.c netfilter: bridge: clarify bridge/netfilter message 2016-10-02 22:44:03 -04:00
Kconfig bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00
Makefile bridge: switchdev: Add forward mark support for stacked devices 2016-08-26 13:13:36 -07:00