netfilter: x_tables: validate targets of jumps - user/sven/linux.git

diff options

author	Florian Westphal <fw@strlen.de>	2016-04-01 14:17:22 +0200
committer	Ben Hutchings <ben@decadent.org.uk>	2016-11-20 01:16:53 +0000
commit	f05615752178e6bac752c16f6a3380302cadfcd6 (patch)
tree	e0e2272c515f876a132f4af07b811c0c7e2c8ed7 /include/linux
parent	a6889df5406276eefa252cace97d3d2e5c48af05 (diff)

netfilter: x_tables: validate targets of jumps

commit 36472341017529e2b12573093cc0f68719300997 upstream. When we see a jump also check that the offset gets us to beginning of a rule (an ipt_entry). The extra overhead is negible, even with absurd cases. 300k custom rules, 300k jumps to 'next' user chain: [ plus one jump from INPUT to first userchain ]: Before: real 0m24.874s user 0m7.532s sys 0m16.076s After: real 0m27.464s user 0m7.436s sys 0m18.840s Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

Diffstat (limited to 'include/linux')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: