Received: by 2002:a05:6a10:a841:0:0:0:0 with SMTP id d1csp557570pxy; Wed, 21 Apr 2021 09:14:01 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyvHZfDzov2skqdqCJVHus/0Ja5PeP9Eja3Ffv1050pRkoUGCM/XZIpoO0jLTB39KF9xWcC X-Received: by 2002:a62:7d46:0:b029:247:baa2:d95c with SMTP id y67-20020a627d460000b0290247baa2d95cmr30474430pfc.15.1619021641518; Wed, 21 Apr 2021 09:14:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619021641; cv=none; d=google.com; s=arc-20160816; b=Ko+QrUpUEdQ248Oj+hiV5JaxE0a7wh10PtRutGmg+qbIOPNed/qztXkTuIzFld1fqX yI0BZstYClOn7nul3sivTYyTgb1Xa9HAoxQ70UDrZqCFzoHOtj8adGugNfiZwbpAq/G7 N869Bm/vA6nXhE0klQ6Rhr4//rFHyn9NaM6XFqZJp66u0Kb4Cj+8wGqOL5GyFA8ADM+c nj9sRLsYx4la2hQrBNjuHUasmlIWqCdZ8Nq8LrAUsB5VmWPCRbEmWi/9/EsGxUWgtxSE EANoaQbumi540V4Wwr7vujzbDgL43qILyLHHkEd9+7m8/oDxvev7FRyfhZLpyTTIcAKc aHxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=M94QPguW0lMWCygxNOZdDX4+pJ5mtMHj5CfaHMZn+9M=; b=tkXZCClToUapS4hbT7RPUwsAbCKYYFDgD9GXs2xo0FoVWch4rTkciL3dm1ZQ2bOj0a DupHBNXndznBz7/1Sdji869CeC6ljRSoHyHtVu0SsM91sz8T8+Tktll82uZ1XqCeWxBX /e2MxCw91AscNvUCpcg5O5vU19rQfUzXe62pjBFGwp2m08JuE3zM7RFSW77nfjxd3gVe e75Dj0Pay+ZyYxTWzQQ1bjOzSkH61eurFIDQJxJyzrajXmCdzvINJBAP1Wcnlx9YrhKj K8gHDOZohCCZORwwWP/15AsiT/7Bznh9yoEMmJsWTYAf3M0l3tG6p7ZMK+IijjegIQC3 zQkg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=JdEnpIDt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x192si24638pgx.222.2021.04.21.09.13.44; Wed, 21 Apr 2021 09:14:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=JdEnpIDt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242188AbhDUNJx (ORCPT + 99 others); Wed, 21 Apr 2021 09:09:53 -0400 Received: from mail.kernel.org ([198.145.29.99]:47824 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240011AbhDUNHQ (ORCPT ); Wed, 21 Apr 2021 09:07:16 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 2F2C66145E; Wed, 21 Apr 2021 13:06:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1619010399; bh=vTZE6WRbjYE1mAPLxeZHSN56Ub494R0uda/FLy8IVfQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JdEnpIDtf9xKeiDkcYTA/rAOQFL0L8fjZjm2MsmFivjXYddUyj8HrvAULtrGtTR4J ssDtUaWhyX1Dudm3f7XsL3Ht6Clv9nZsK3PKaSrYO5OroWar7d22vBwGbcGK/jaEFF w4uIC6D5nvdhAs5JEtmIc7si32QkGTOGljwgLFF0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , Kangjie Lu , Pablo Neira Ayuso Subject: [PATCH 123/190] Revert "netfilter: ip6t_srh: fix NULL pointer dereferences" Date: Wed, 21 Apr 2021 14:59:58 +0200 Message-Id: <20210421130105.1226686-124-gregkh@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210421130105.1226686-1-gregkh@linuxfoundation.org> References: <20210421130105.1226686-1-gregkh@linuxfoundation.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This reverts commit 6d65561f3d5ec933151939c543d006b79044e7a6. Commits from @umn.edu addresses have been found to be submitted in "bad faith" to try to test the kernel community's ability to review "known malicious" changes. The result of these submissions can be found in a paper published at the 42nd IEEE Symposium on Security and Privacy entitled, "Open Source Insecurity: Stealthily Introducing Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University of Minnesota) and Kangjie Lu (University of Minnesota). Because of this, all submissions from this group must be reverted from the kernel tree and will need to be re-reviewed again to determine if they actually are a valid fix. Until that work is complete, remove this change to ensure that no problems are being introduced into the codebase. Cc: Kangjie Lu Cc: Pablo Neira Ayuso Signed-off-by: Greg Kroah-Hartman --- net/ipv6/netfilter/ip6t_srh.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/net/ipv6/netfilter/ip6t_srh.c b/net/ipv6/netfilter/ip6t_srh.c index db0fd64d8986..f172702257a7 100644 --- a/net/ipv6/netfilter/ip6t_srh.c +++ b/net/ipv6/netfilter/ip6t_srh.c @@ -206,8 +206,6 @@ static bool srh1_mt6(const struct sk_buff *skb, struct xt_action_param *par) psidoff = srhoff + sizeof(struct ipv6_sr_hdr) + ((srh->segments_left + 1) * sizeof(struct in6_addr)); psid = skb_header_pointer(skb, psidoff, sizeof(_psid), &_psid); - if (!psid) - return false; if (NF_SRH_INVF(srhinfo, IP6T_SRH_INV_PSID, ipv6_masked_addr_cmp(psid, &srhinfo->psid_msk, &srhinfo->psid_addr))) @@ -221,8 +219,6 @@ static bool srh1_mt6(const struct sk_buff *skb, struct xt_action_param *par) nsidoff = srhoff + sizeof(struct ipv6_sr_hdr) + ((srh->segments_left - 1) * sizeof(struct in6_addr)); nsid = skb_header_pointer(skb, nsidoff, sizeof(_nsid), &_nsid); - if (!nsid) - return false; if (NF_SRH_INVF(srhinfo, IP6T_SRH_INV_NSID, ipv6_masked_addr_cmp(nsid, &srhinfo->nsid_msk, &srhinfo->nsid_addr))) @@ -233,8 +229,6 @@ static bool srh1_mt6(const struct sk_buff *skb, struct xt_action_param *par) if (srhinfo->mt_flags & IP6T_SRH_LSID) { lsidoff = srhoff + sizeof(struct ipv6_sr_hdr); lsid = skb_header_pointer(skb, lsidoff, sizeof(_lsid), &_lsid); - if (!lsid) - return false; if (NF_SRH_INVF(srhinfo, IP6T_SRH_INV_LSID, ipv6_masked_addr_cmp(lsid, &srhinfo->lsid_msk, &srhinfo->lsid_addr))) -- 2.31.1