
Blame SOURCES/extensions-REJECT-Check-for-array-overrun.patch

From 20f5f3c0c3b4cebc60af3d2def0ac983f54bfb06 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Fri, 15 Mar 2019 17:52:01 +0100
Subject: [PATCH] extensions: REJECT: Check for array overrun
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1525980
Upstream Status: RHEL-only
This might happen in theory if enum ip6t_reject_with was extended in
kernel and some other tool added a rule making use of the new value.
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
 extensions/libip6t_REJECT.c | 8 ++++++++
 extensions/libipt_REJECT.c  | 8 ++++++++
 2 files changed, 16 insertions(+)
diff --git a/extensions/libip6t_REJECT.c b/extensions/libip6t_REJECT.c
9a3fa7
index 8085321a6d654..86f2d04296294 100644
9a3fa7
--- a/extensions/libip6t_REJECT.c
9a3fa7
+++ b/extensions/libip6t_REJECT.c
9a3fa7
@@ -104,6 +104,10 @@ static void REJECT_print(const void *ip, const struct xt_entry_target *target,
9a3fa7
 	for (i = 0; i < ARRAY_SIZE(reject_table); ++i)
9a3fa7
 		if (reject_table[i].with == reject->with)
9a3fa7
 			break;
9a3fa7
+	if (i == ARRAY_SIZE(reject_table))
9a3fa7
+		xtables_error(VERSION_PROBLEM,
9a3fa7
+			      "unknown reject type %d in ruleset",
9a3fa7
+			      reject->with);
9a3fa7
 	printf(" reject-with %s", reject_table[i].name);
9a3fa7
 }
9a3fa7
 
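Review bot: The new xtables_error call uses `%d` for `reject->with`, but in the IPv6 target `struct ip6t_reject_info.with` is a `__u32` in the kernel UAPI header as far as I recall, so -Wformat will flag the signed/unsigned mismatch and a value above INT_MAX would print as negative. Use `"unknown reject type %u in ruleset"` here; the IPv4 target's member is an enum, so `%d` is fine in libipt_REJECT.c. The check itself is right: `i == ARRAY_SIZE(reject_table)` is exactly the index the following printf would otherwise read past the table with, and xtables_error does not return. REJECT_print begins before this hunk.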
9a3fa7
@@ -116,6 +120,10 @@ static void REJECT_save(const void *ip, const struct xt_entry_target *target)
9a3fa7
 	for (i = 0; i < ARRAY_SIZE(reject_table); ++i)
9a3fa7
 		if (reject_table[i].with == reject->with)
9a3fa7
 			break;
9a3fa7
+	if (i == ARRAY_SIZE(reject_table))
9a3fa7
+		xtables_error(VERSION_PROBLEM,
9a3fa7
+			      "unknown reject type %d in ruleset",
9a3fa7
+			      reject->with);
9a3fa7
 
9a3fa7
 	printf(" --reject-with %s", reject_table[i].name);
9a3fa7
 }
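Review bot: Exiting through xtables_error inside REJECT_save means iptables-save has already written every preceding rule to stdout before the process dies, so a caller redirecting the dump to a file is left with a truncated ruleset and a non-zero exit status; that is the right trade-off (a name this build cannot parse would not restore either), but it should be stated next to the check so nobody later softens it into a silent fallback, e.g. `/* Kernel knows a reject type this build does not: fail the dump rather than emit a rule that cannot be restored. */`. The same `%d` versus `__u32` format mismatch noted for REJECT_print applies to this message, so `%u` is the better specifier. Consumers of iptables-save output must check its exit status, not just the presence of output. REJECT_save's opening is outside the hunk.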
9a3fa7
diff --git a/extensions/libipt_REJECT.c b/extensions/libipt_REJECT.c
9a3fa7
index 362c65ed88e96..5573ebd28022c 100644
9a3fa7
--- a/extensions/libipt_REJECT.c
9a3fa7
+++ b/extensions/libipt_REJECT.c
9a3fa7
@@ -124,6 +124,10 @@ static void REJECT_print(const void *ip, const struct xt_entry_target *target,
9a3fa7
 	for (i = 0; i < ARRAY_SIZE(reject_table); ++i)
9a3fa7
 		if (reject_table[i].with == reject->with)
9a3fa7
 			break;
9a3fa7
+	if (i == ARRAY_SIZE(reject_table))
9a3fa7
+		xtables_error(VERSION_PROBLEM,
9a3fa7
+			      "unknown reject type %d in ruleset",
9a3fa7
+			      reject->with);
9a3fa7
 	printf(" reject-with %s", reject_table[i].name);
9a3fa7
 }
9a3fa7
 
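Review bot: The lookup loop plus the new bounds check is now duplicated verbatim in REJECT_print and REJECT_save of each file, so any later change to the table, the error class or the message has to be made in four places. A small static helper per file that returns the name or dies keeps the check in one spot, and both callers shrink to `printf(" reject-with %s", reject_name(reject->with));`. This relies on xtables_error (xtables_globals.exit_err) being declared noreturn in xtables.h, which I believe it is; if not, add a `return NULL;` after the call so the function has a return on every path. REJECT_print begins outside the hunk.
```c
/* Map a reject type to its --reject-with name.  A value this build does
 * not know (kernel enum newer than userspace) is fatal: the rule could
 * not be re-parsed anyway, and returning would index past reject_table. */
static const char *reject_name(unsigned int with)
{
	unsigned int i;

	for (i = 0; i < ARRAY_SIZE(reject_table); ++i)
		if (reject_table[i].with == with)
			return reject_table[i].name;
	xtables_error(VERSION_PROBLEM,
		      "unknown reject type %u in ruleset", with);
}

/* … unchanged: REJECT_print prologue … */
	printf(" reject-with %s", reject_name(reject->with));
```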
9a3fa7
@@ -136,6 +140,10 @@ static void REJECT_save(const void *ip, const struct xt_entry_target *target)
9a3fa7
 	for (i = 0; i < ARRAY_SIZE(reject_table); ++i)
9a3fa7
 		if (reject_table[i].with == reject->with)
9a3fa7
 			break;
9a3fa7
+	if (i == ARRAY_SIZE(reject_table))
9a3fa7
+		xtables_error(VERSION_PROBLEM,
9a3fa7
+			      "unknown reject type %d in ruleset",
9a3fa7
+			      reject->with);
9a3fa7
 
9a3fa7
 	printf(" --reject-with %s", reject_table[i].name);
9a3fa7
 }
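Review bot: The added check would read better with a one-line comment saying why a miss in reject_table is classed as VERSION_PROBLEM rather than corrupt data, since that reasoning currently lives only in the commit message: `/* Kernel enum has a value this userspace table lacks: refuse rather than read past reject_table. */`. Also, this hunk leaves a blank line between the check and the printf while the REJECT_print hunk above keeps them adjacent; either is fine, but the two functions should agree. REJECT_save starts outside the hunk.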
9a3fa7
-- 
2.21.0