netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON [Linux 3.16.72]

This Linux kernel change "netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON" is included in the Linux 3.16.72 release. This change is authored by Florian Westphal <fw [at] strlen.de> on Mon Apr 15 00:43:00 2019 +0200. The commit for this change in Linux stable tree is de190e9 (patch) which is from upstream commit 7caa56f. The same Linux upstream change may have been applied to various maintained Linux releases and you can find all Linux releases containing changes from upstream 7caa56f.

netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON

commit 7caa56f006e9d712b44f27b32520c66420d5cbc6 upstream.

It means userspace gave us a ruleset where there is some other
data after the ebtables target but before the beginning of the next rule.

Fixes: 81e675c227ec ("netfilter: ebtables: add CONFIG_COMPAT support")
Reported-by: syzbot+6595[email protected]
Signed-off-by: Florian Westphal <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
Signed-off-by: Ben Hutchings <[email protected]>

There are 3 lines of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.

 net/bridge/netfilter/ebtables.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 2df71bc..75929f9 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -2011,7 +2011,8 @@ static int ebt_size_mwt(struct compat_ebt_entry_mwt *match32,
        if (match_kern)
            match_kern->match_size = ret;

-       if (WARN_ON(type == EBT_COMPAT_TARGET && size_left))
+       /* rule should have no remaining data after target */
+       if (type == EBT_COMPAT_TARGET && size_left)
            return -EINVAL;

        match32 = (struct compat_ebt_entry_mwt *) buf;

Leave a Reply

Your email address will not be published. Required fields are marked *