Received: by 2002:ac0:b08d:0:0:0:0:0 with SMTP id l13csp4919629imc; Mon, 25 Feb 2019 13:38:50 -0800 (PST) X-Google-Smtp-Source: AHgI3IZh7VN/T3pZsrRr9SD9TXuF0RRCBhPIY8mqYlapYFsViTbNC+ViHynBcKhyQGO9v3iD/Z10 X-Received: by 2002:a62:b40b:: with SMTP id h11mr22182233pfn.108.1551130729985; Mon, 25 Feb 2019 13:38:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551130729; cv=none; d=google.com; s=arc-20160816; b=leAumjr3UIy2hFn5uSXAdKfZn5d+iVpoTufns3nZoxOH5OE+FT7kVG8JOUqvxvezJb NVQZkuyHm4ZIyoYWQqG8ZGC11lt9qV49ZEHElMKZRWByMfEWZSAw4oXnMZejdAd70Oc3 XjU7jhXY+vZLqUOzkBTSerGNnRSYq6yXOqZThGmb516RvLYbcx+GBViVbO1VSvoY+ToG VaMeG7kdrmaiA+hntVyVQpGjfE9VovZt0vQ5bQUnpBLOySjoAHj1M3sDbN7KoRZQnQWb IZebCQOGDlLZZ+XG3kDXvawKLmRgTW39I6BBhyb0aYfhXTokYrKqN1aVhl6ZjxwpnJVo aXkQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=UX6ipQ5M5nFfE/VeNWVHjntW8u6SYg6poAy7DPFN4wQ=; b=SUyC8ByAfkGqtse3g/ORKAA4YIhy8/dQp2BJ6G305k2FjDkUHr3k0GC54CWGv1qdBM 7sSayDi4s9nBFm/VvRD+Z751WCE0koW+9/8ey8M4lQIr9BT0sGqlMYTr+imNRjWfFeun Kv0tCA4XR/h6Mx9loU6QJbS5dW6NOl5NFm+mzzjXu/kY8IDnZvd5QQlhnQpGeWbvTu6j BvNQba7IeGqhX+YX4GZJ7v0bMaSBQRo8T5fEwtWk3z/LRy3PDe0fL5xauFjD8fCKeLs4 NkIGMRnwavmfHLh23DFVNc+coH3wmQ1MSYPK5bkWT168hSXsXg+CZ5B73ZgUiCeyBK78 iXIg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=DNZOmr68; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v127si10002127pgb.459.2019.02.25.13.38.35; Mon, 25 Feb 2019 13:38:49 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=DNZOmr68; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387482AbfBYVhd (ORCPT + 99 others); Mon, 25 Feb 2019 16:37:33 -0500 Received: from mail.kernel.org ([198.145.29.99]:44634 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387476AbfBYVha (ORCPT ); Mon, 25 Feb 2019 16:37:30 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id AEFBA21841; Mon, 25 Feb 2019 21:37:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1551130650; bh=+HqvbztWS41dTfCTKDEuQPaDpcvbHXcLvU+KlvvQDiI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=DNZOmr68PZeIoC2BDemyAqWxgTFdV+FdvS6vsSGv7y0sUYQKg2G61n2X/hcA1gWQp O+3QrukaVWS0dT8eEDCGLPxJGQ1euggRTDIUIHT9QX4torJBX06bunGCmW2zQf/+aS iV1uww3i/O1YpnKzI3sd/nRRTV+gztVoBI2D4lF0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Fernando Fernandez Mancera , Pablo Neira Ayuso Subject: [PATCH 4.20 181/183] netfilter: nfnetlink_osf: add missing fmatch check Date: Mon, 25 Feb 2019 22:12:34 +0100 Message-Id: <20190225195125.689322452@linuxfoundation.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190225195054.748060397@linuxfoundation.org> References: <20190225195054.748060397@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.20-stable review patch. If anyone has any objections, please let me know. ------------------ From: Fernando Fernandez Mancera commit 1a6a0951fc009f6d9fe8ebea2d2417d80d54097b upstream. When we check the tcp options of a packet and it doesn't match the current fingerprint, the tcp packet option pointer must be restored to its initial value in order to do the proper tcp options check for the next fingerprint. Here we can see an example. Assumming the following fingerprint base with two lines: S10:64:1:60:M*,S,T,N,W6: Linux:3.0::Linux 3.0 S20:64:1:60:M*,S,T,N,W7: Linux:4.19:arch:Linux 4.1 Where TCP options are the last field in the OS signature, all of them overlap except by the last one, ie. 'W6' versus 'W7'. In case a packet for Linux 4.19 kicks in, the osf finds no matching because the TCP options pointer is updated after checking for the TCP options in the first line. Therefore, reset pointer back to where it should be. Fixes: 11eeef41d5f6 ("netfilter: passive OS fingerprint xtables match") Signed-off-by: Fernando Fernandez Mancera Signed-off-by: Pablo Neira Ayuso Signed-off-by: Greg Kroah-Hartman --- net/netfilter/nfnetlink_osf.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/net/netfilter/nfnetlink_osf.c +++ b/net/netfilter/nfnetlink_osf.c @@ -66,6 +66,7 @@ static bool nf_osf_match_one(const struc int ttl_check, struct nf_osf_hdr_ctx *ctx) { + const __u8 *optpinit = ctx->optp; unsigned int check_WSS = 0; int fmatch = FMATCH_WRONG; int foptsize, optnum; @@ -155,6 +156,9 @@ static bool nf_osf_match_one(const struc } } + if (fmatch != FMATCH_OK) + ctx->optp = optpinit; + return fmatch == FMATCH_OK; }