Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp4197064pxj; Tue, 8 Jun 2021 08:37:31 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzFKJ92RtOV2tVZxHgcERzwiWrOyx2G2Svvk+jy/Zsa0uV0f7iDZA45w781P2b/8KcsqqdW X-Received: by 2002:a17:907:2cf6:: with SMTP id hz22mr16220005ejc.320.1623166651381; Tue, 08 Jun 2021 08:37:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623166651; cv=none; d=google.com; s=arc-20160816; b=U232tFYCqKFvziuhh8oZpHtcd/wfgm46nIN9tHaqoJqseVD2WTkohl88qyV9Wfj1WP dZFCBKQvFbkLuQPSjdZWVDHQvVRGrp3XaQ+KmQmqr7ibLEu1+PNP7+ldMQy13oJsrFqE 7YQJny7ZMF5sLch7zczGUIkwNFuQHHr9VG22i6VEtrg7JVsizUlscVF0p5Ehc+w6io2/ 1/oRoXpyB3HerXB0fpTFUN8k7wHItCUnVv9s0EDbHQ+sOekEwtugjeKRiCaBz3rFWFSe LN6n60x29sVssvIZuq/iIDiuDRjVNM3XxxF1AHm87bOsup8nBWC/JM//EZngtZi7XPnK HM+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=H4iKZ+P3roRjGs0Lz9nYEJX3TOocVRVWopb0VyKocO0=; b=vJYypQo3k9PZ2mLhg7qM34AUXmvXXcqFyxhdlGDIMwsI36CgvCbv+0By/gaS1INYd7 pN66z0HI7ON25gBSFYJtOpSI4wKw+dItYbX0lmqvQ8pi6bgFfLjnazlzu/lGwISy7/Qu YgOuKNFQjnlyDnEY6/BD3NokJK5g5MoJ9gK97W/g6MfHtjt41c75B0meN7od5oDsbUbP R216azWGYHd0PiQNcGAhIjU93MiXha1MENePTVkO+/02cYRuq45SA3uAYJ1p8y68YxXN l2Yo1kCr1LsYckgH2ClrPwK3rkWDvoLMFKSx56E1ygJu/zpS5ZMofsNyWOr7KgufUWUb VjNQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h11si21600edz.24.2021.06.08.08.37.05; Tue, 08 Jun 2021 08:37:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232310AbhFHPgL (ORCPT + 99 others); Tue, 8 Jun 2021 11:36:11 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:38698 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231308AbhFHPgJ (ORCPT ); Tue, 8 Jun 2021 11:36:09 -0400 Received: from 1.general.cking.uk.vpn ([10.172.193.212] helo=localhost) by youngberry.canonical.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from ) id 1lqdk0-0006NO-AB; Tue, 08 Jun 2021 15:34:08 +0000 From: Colin King To: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal , "David S . Miller" , Jakub Kicinski , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org Cc: kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH][next] etfilter: fix array index out-of-bounds error Date: Tue, 8 Jun 2021 16:34:08 +0100 Message-Id: <20210608153408.160652-1-colin.king@canonical.com> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Colin Ian King Currently the array net->nf.hooks_ipv6 is accessed by index hook before hook is sanity checked. Fix this by moving the sanity check to before the array access. Addresses-Coverity: ("Out-of-bounds access") Fixes: e2cf17d3774c ("netfilter: add new hook nfnl subsystem") Signed-off-by: Colin Ian King --- net/netfilter/nfnetlink_hook.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/nfnetlink_hook.c b/net/netfilter/nfnetlink_hook.c index 04586dfa2acd..58fda6ac663b 100644 --- a/net/netfilter/nfnetlink_hook.c +++ b/net/netfilter/nfnetlink_hook.c @@ -181,9 +181,9 @@ nfnl_hook_entries_head(u8 pf, unsigned int hook, struct net *net, const char *de hook_head = rcu_dereference(net->nf.hooks_ipv4[hook]); break; case NFPROTO_IPV6: - hook_head = rcu_dereference(net->nf.hooks_ipv6[hook]); if (hook >= ARRAY_SIZE(net->nf.hooks_ipv6)) return ERR_PTR(-EINVAL); + hook_head = rcu_dereference(net->nf.hooks_ipv6[hook]); break; case NFPROTO_ARP: #ifdef CONFIG_NETFILTER_FAMILY_ARP -- 2.31.1