Date: Wed, 30 Aug 2023 17:18:05 +0200
From: Pablo Neira Ayuso
To: Wander Lairson Costa
Cc: Jozsef Kadlecsik, Florian Westphal, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Patrick McHardy, Jan Engelhardt, "open list:NETFILTER", "open list:NETFILTER", "open list:NETWORKING [GENERAL]", open list
Subject: Re: [PATCH nf] netfilter/xt_u32: validate user space input
References: <20230828132107.18376-1-wander@redhat.com>
In-Reply-To: <20230828132107.18376-1-wander@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Aug 28, 2023 at 10:21:07AM -0300, Wander Lairson Costa wrote:
> The xt_u32 module doesn't validate the fields in the xt_u32 structure.
> An attacker may take advantage of this to trigger an OOB read by setting
> the size fields with a value beyond the array boundaries.
>
> Add a checkentry function to validate the structure.
>
> This was originally reported by the ZDI project (ZDI-CAN-18408).

Applied to nf, thanks
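
An added example, not taken from the patch or the kernel tree: a user-space C model of the kind of checkentry validation the quoted commit message describes, where user-supplied size fields are checked against the arrays they index before any packet is matched. The struct layout, `MODEL_MAX` and all function names are assumptions made for illustration.

```c
/* User-space model; the layout is a simplified stand-in (assumption),
 * not the kernel's xt_u32 definition. */
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define MODEL_MAX 11                       /* assumed array capacity */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

struct model_test {
    uint32_t location[MODEL_MAX];
    uint32_t value[MODEL_MAX];
    uint8_t  nnums;                        /* entries used in location[] */
    uint8_t  nvalues;                      /* entries used in value[] */
};

struct model_rule {
    struct model_test tests[MODEL_MAX];
    uint8_t ntests;                        /* entries used in tests[] */
};

/* Runs once when a rule is installed: reject any count that exceeds the
 * array it indexes, so the match loop can trust the counts afterwards. */
int model_checkentry(const struct model_rule *r)
{
    unsigned int i;
    if (r->ntests > ARRAY_SIZE(r->tests))
        return -EINVAL;
    for (i = 0; i < r->ntests; i++) {
        const struct model_test *t = &r->tests[i];
        if (t->nnums > ARRAY_SIZE(t->location) ||
            t->nvalues > ARRAY_SIZE(t->value))
            return -EINVAL;
    }
    return 0;
}

/* Constructed input: set the counts of tests[idx] and validate the rule. */
int check_counts(uint8_t ntests, unsigned int idx, uint8_t nnums, uint8_t nvalues)
{
    struct model_rule r;
    memset(&r, 0, sizeof(r));
    if (idx >= MODEL_MAX)
        return -ERANGE;
    r.ntests = ntests;
    r.tests[idx].nnums = nnums;
    r.tests[idx].nvalues = nvalues;
    return model_checkentry(&r);
}
```

Only entries below `ntests` are inspected, since the match loop never reads the rest; a count equal to the array capacity is accepted because it still indexes within bounds.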