netfilter: nfnetlink_cttimeout: pass default timeout policy to obj_to_nlattr - user/sven/linux.git

diff options

author	Pablo Neira Ayuso <pablo@netfilter.org>	2019-04-12 10:55:02 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2019-04-17 08:38:46 +0200
commit	c2d27b330a983d176311c1368037baa315fa0fd6 (patch)
tree	bcf75aa2895f68761833b4817fa138a3d6cee1c2 /include
parent	564f0391b7834528a6b96d0ad0b6c70683e9b37f (diff)

netfilter: nfnetlink_cttimeout: pass default timeout policy to obj_to_nlattr

commit 8866df9264a34e675b4ee8a151db819b87cce2d3 upstream Otherwise, we hit a NULL pointer deference since handlers always assume default timeout policy is passed. netlink: 24 bytes leftover after parsing attributes in process `syz-executor2'. kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 9575 Comm: syz-executor1 Not tainted 4.19.0+ #312 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:icmp_timeout_obj_to_nlattr+0x77/0x170 net/netfilter/nf_conntrack_proto_icmp.c:297 Fixes: c779e849608a ("netfilter: conntrack: remove get_timeout() indirection") Reported-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Zubin Mithra <zsm@chromium.org> Signed-off-by: Sasha Levin (Microsoft) <sashal@kernel.org>

Diffstat (limited to 'include')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: