• David S. Miller's avatar
    filter: make sure filters dont read uninitialized memory · 57fe93b3
    David S. Miller authored
    There is a possibility malicious users can get limited information about
    uninitialized stack mem array. Even if sk_run_filter() result is bound
    to packet length (0 .. 65535), we could imagine this can be used by
    hostile user.
    Initializing mem[] array, like Dan Rosenberg suggested in his patch is
    expensive since most filters dont even use this array.
    Its hard to make the filter validation in sk_chk_filter(), because of
    the jumps. This might be done later.
    In this patch, I use a bitmap (a single long var) so that only filters
    using mem[] loads/stores pay the price of added security checks.
    For other filters, additional cost is a single instruction.
    [ Since we access fentry->k a lot now, cache it in a local variable
      and mark filter entry pointer as const. -DaveM ]
    Reported-by: default avatarDan Rosenberg <drosenberg@vsecurity.com>
    Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>