From f6b8767228afe33dc92ae8d09c54091ccceaef18 Mon Sep 17 00:00:00 2001
From: Florian Westphal
Date: Sat, 2 Jun 2012 21:13:58 +0200
Subject: [PATCH] psd: add basic validation of userspace matchinfo data

psd multiplies weight_thresh by HZ, so it could overflow. Userspace libxt_psd refuses values exceeding PSD_MAX_RATE, so check that on kernel side, too. Also, setting 0 weight for both privileged and highports will cause psd to never match at all. Reject 0 weight threshold, too because it makes no sense (triggers match for every initial packet).
---
 doc/changelog.txt   |  2 ++
 extensions/xt_psd.c | 34 ++++++++++++++++++++++++++++------
 2 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/doc/changelog.txt b/doc/changelog.txt
index 2fe752b..a2c37df 100644
--- a/doc/changelog.txt
+++ b/doc/changelog.txt
@@ -3,6 +3,8 @@
 HEAD
 ====
 Fixes:
 - xt_psd: avoid crash due to curr->next corruption
+Changes:
+- xt_psd: reject invalid match options
 
 v1.42 (2012-04-05)
diff --git a/extensions/xt_psd.c b/extensions/xt_psd.c
index c044c25..dc53466 100644
--- a/extensions/xt_psd.c
+++ b/extensions/xt_psd.c
@@ -278,13 +278,35 @@ out_match:
 	return true;
 }
 
+static int psd_mt_check(const struct xt_mtchk_param *par)
+{
+	const struct xt_psd_info *info = par->matchinfo;
+
+	if (info->weight_threshold == 0)
+		/* 0 would match on every 1st packet */
+		return -EINVAL;
+
+	if ((info->lo_ports_weight | info->hi_ports_weight) == 0)
+		/* would never match */
+		return -EINVAL;
+
+	if (info->delay_threshold > PSD_MAX_RATE ||
+	    info->weight_threshold > PSD_MAX_RATE ||
+	    info->lo_ports_weight > PSD_MAX_RATE ||
+	    info->hi_ports_weight > PSD_MAX_RATE)
+		return -EINVAL;
+
+	return 0;
+}
+
 static struct xt_match xt_psd_reg __read_mostly = {
-	.name      = "psd",
-	.family    = NFPROTO_IPV4,
-	.revision  = 1,
-	.match     = xt_psd_match,
-	.matchsize = sizeof(struct xt_psd_info),
-	.me        = THIS_MODULE,
+	.name       = "psd",
+	.family     = NFPROTO_IPV4,
+	.revision   = 1,
+	.checkentry = psd_mt_check,
+	.match      = xt_psd_match,
+	.matchsize  = sizeof(struct xt_psd_info),
+	.me         = THIS_MODULE,
 };
 
 static int __init xt_psd_init(void)
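Review bot: The `weight_threshold > PSD_MAX_RATE` bound in psd_mt_check only closes the HZ-multiplication overflow named in the commit message if `PSD_MAX_RATE * HZ` fits the type the product is computed in, and neither that type nor the value of PSD_MAX_RATE is visible in this hunk, so the invariant is currently implicit; a `BUILD_BUG_ON` next to the check asserting that `(u64)PSD_MAX_RATE * HZ` does not exceed the field's maximum would make it fail at compile time rather than silently on a kernel built with a larger HZ. The comments placed between an `if` condition and its unbraced body (`/* 0 would match on every 1st packet */`, `/* would never match */`) are easy to misread as the statement itself; moving each above its `if`, or bracing the body, keeps the structure obvious. A one-line header comment would also help, e.g. `/* Reject userspace matchinfo that cannot match or whose rates would overflow when scaled by HZ. */`, since this function is the only place the untrusted `xt_psd_info` is validated before the match path uses it.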