linux/net/sched
Xin Long 4f8a881acc net: sched: fix NULL pointer dereference when action calls some targets
As we know in some target's checkentry it may dereference par.entryinfo
to check entry stuff inside. But when sched action calls xt_check_target,
par.entryinfo is set with NULL. It would cause kernel panic when calling
some targets.

It can be reproduce with:
  # tc qd add dev eth1 ingress handle ffff:
  # tc filter add dev eth1 parent ffff: u32 match u32 0 0 action xt \
    -j ECN --ecn-tcp-remove

It could also crash kernel when using target CLUSTERIP or TPROXY.

By now there's no proper value for par.entryinfo in ipt_init_target,
but it can not be set with NULL. This patch is to void all these
panics by setting it with an ipt_entry obj with all members = 0.

Note that this issue has been there since the very beginning.

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-08-18 16:25:49 -07:00
..
act_api.c net sched actions: rename act_get_notify() to tcf_get_notify() 2017-07-14 08:52:33 -07:00
act_bpf.c bpf: expose prog id for cls_bpf and act_bpf 2017-06-21 15:14:23 -04:00
act_connmark.c
act_csum.c net: use skb->csum_not_inet to identify packets needing crc32c 2017-05-19 19:21:29 -04:00
act_gact.c
act_ife.c
act_ipt.c net: sched: fix NULL pointer dereference when action calls some targets 2017-08-18 16:25:49 -07:00
act_meta_mark.c
act_meta_skbprio.c
act_meta_skbtcindex.c
act_mirred.c
act_nat.c
act_pedit.c net/act_pedit: fix an error code 2017-06-14 15:24:18 -04:00
act_police.c net_sched: move tcf_lock down after gen_replace_estimator() 2017-06-14 14:39:19 -04:00
act_sample.c
act_simple.c
act_skbedit.c
act_skbmod.c
act_tunnel_key.c net: sched: act_tunnel_key: make UDP checksum configurable 2017-06-15 14:21:03 -04:00
act_vlan.c
cls_api.c net: sched: fix p_filter_chain check in tcf_chain_flush 2017-08-18 10:19:11 -07:00
cls_basic.c
cls_bpf.c bpf: expose prog id for cls_bpf and act_bpf 2017-06-21 15:14:23 -04:00
cls_cgroup.c
cls_flow.c
cls_flower.c net: propagate tc filter chain index down the ndo_setup_tc call 2017-06-08 09:55:53 -04:00
cls_fw.c
cls_matchall.c net: propagate tc filter chain index down the ndo_setup_tc call 2017-06-08 09:55:53 -04:00
cls_route.c
cls_rsvp6.c
cls_rsvp.c
cls_rsvp.h
cls_tcindex.c
cls_u32.c net: propagate tc filter chain index down the ndo_setup_tc call 2017-06-08 09:55:53 -04:00
em_canid.c
em_cmp.c
em_ipset.c
em_meta.c net: convert sock.sk_refcnt from atomic_t to refcount_t 2017-07-01 07:39:08 -07:00
em_nbyte.c
em_text.c
em_u32.c
ematch.c
Kconfig net: sched: select cls when cls_act is enabled 2017-06-05 10:56:36 -04:00
Makefile
sch_api.c net_sched: remove warning from qdisc_hash_add 2017-08-15 17:16:39 -07:00
sch_atm.c net_sched: reset pointers to tcf blocks in classful qdiscs' destructors 2017-08-15 17:16:39 -07:00
sch_blackhole.c
sch_cbq.c net_sched: reset pointers to tcf blocks in classful qdiscs' destructors 2017-08-15 17:16:39 -07:00
sch_choke.c
sch_codel.c
sch_drr.c net: sched: introduce a TRAP control action 2017-06-06 12:45:23 -04:00
sch_dsmark.c net: sched: introduce a TRAP control action 2017-06-06 12:45:23 -04:00
sch_fifo.c
sch_fq_codel.c net: sched: introduce a TRAP control action 2017-06-06 12:45:23 -04:00
sch_fq.c mm, tree wide: replace __GFP_REPEAT by __GFP_RETRY_MAYFAIL with more useful semantic 2017-07-12 16:26:03 -07:00
sch_generic.c net, sched: convert Qdisc.refcnt from atomic_t to refcount_t 2017-07-04 22:35:16 +01:00
sch_gred.c
sch_hfsc.c net_sched: reset pointers to tcf blocks in classful qdiscs' destructors 2017-08-15 17:16:39 -07:00
sch_hhf.c
sch_htb.c net_sched: reset pointers to tcf blocks in classful qdiscs' destructors 2017-08-15 17:16:39 -07:00
sch_ingress.c net: sched: introduce tcf block infractructure 2017-05-17 15:22:13 -04:00
sch_mq.c
sch_mqprio.c net: propagate tc filter chain index down the ndo_setup_tc call 2017-06-08 09:55:53 -04:00
sch_multiq.c net: sched: introduce a TRAP control action 2017-06-06 12:45:23 -04:00
sch_netem.c
sch_pie.c
sch_plug.c
sch_prio.c net: sched: introduce a TRAP control action 2017-06-06 12:45:23 -04:00
sch_qfq.c net: sched: introduce a TRAP control action 2017-06-06 12:45:23 -04:00
sch_red.c
sch_sfb.c net: sched: introduce a TRAP control action 2017-06-06 12:45:23 -04:00
sch_sfq.c net_sched/sfq: update hierarchical backlog when drop packet 2017-08-15 17:16:39 -07:00
sch_tbf.c
sch_teql.c