kernel-2.6.18-194.11.1.el5.src.rpm

From: Thomas Graf <tgraf@redhat.com>
Date: Thu, 9 Apr 2009 15:24:01 +0200
Subject: [net] fix out of bound access to hook_entries
Message-id: 20090409132401.GA13651@plip.localdomain
O-Subject: [RHEL5.4 PATCH] net: fix out of bound access to hook_entries (bz484036)
Bugzilla: 484036
RH-Acked-by: David Miller <davem@redhat.com>

Hey all -

This patch fixes an out of bound access to hook_entries[] when
configuring ebtables rules.

Patch tested and verified by the customer. Fixes BZ484036.

Please ACK

diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 3a13ed6..940b218 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -450,8 +450,9 @@ ebt_check_entry_size_and_hooks(struct ebt_entry *e,
 			return -EINVAL;
 		}
 		/* before we look at the struct, be sure it is not too big */
-		if ((char *)hook_entries[i] + sizeof(struct ebt_entries)
-		   > limit) {
+		if (i < NF_BR_NUMHOOKS &&
+		    (char *)hook_entries[i] + sizeof(struct ebt_entries)
+		    > limit) {
 			BUGPRINT("entries_size too small\n");
 			return -EINVAL;
 		}
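Review bot: The new `i < NF_BR_NUMHOOKS` test in the size check skips the `limit` comparison when the index is out of range instead of rejecting the entry, and neither the commit message nor the comment above it says how `i` can reach NF_BR_NUMHOOKS at this point or why skipping is safe. The lines after this block are not visible here, so please confirm that nothing further down reads hook_entries[i] or treats `e` as a struct ebt_entries in that case without its own bound on `i`. It would also help to extend the existing comment ("before we look at the struct, be sure it is not too big") to state that the index guard is there because `i` may equal NF_BR_NUMHOOKS when no hook entry matched, if that is the intended reading.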