Git Repo - linux.git/commit

author	Florian Westphal <[email protected]>
	Mon, 19 Feb 2018 02:01:45 +0000 (03:01 +0100)
committer	Pablo Neira Ayuso <[email protected]>
	Sun, 25 Feb 2018 19:04:53 +0000 (20:04 +0100)
commit	c4585a2823edf4d1326da44d1524ecbfda26bb37
tree	dd0673555c832ca71348c3753e4c2c9f3a5e4dc3	tree \| snapshot
parent	b078556aecd791b0e5cb3a59f4c3a14273b52121	commit \| diff

netfilter: bridge: ebt_among: add missing match size checks

ebt_among is special, it has a dynamic match size and is exempt
from the central size checks.

Therefore it must check that the size of the match structure
provided from userspace is sane by making sure em->match_size
is at least the minimum size of the expected structure.

The module has such a check, but its only done after accessing
a structure that might be out of bounds.

tested with: ebtables -A INPUT ... \
--among-dst fe:fe:fe:fe:fe:fe
--among-dst fe:fe:fe:fe:fe:fe --among-src fe:fe:fe:fe:ff:f,fe:fe:fe:fe:fe:fb,fe:fe:fe:fe:fc:fd,fe:fe:fe:fe:fe:fd,fe:fe:fe:fe:fe:fe
--among-src fe:fe:fe:fe:ff:f,fe:fe:fe:fe:fe:fa,fe:fe:fe:fe:fe:fd,fe:fe:fe:fe:fe:fe,fe:fe:fe:fe:fe:fe

Reported-by: <[email protected]>
Signed-off-by: Florian Westphal <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>