4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Westphal fw@strlen.de
commit 9d5c12a7c08f67999772065afd50fb222072114e upstream.
This is a very conservative limit (134217728 rules), but good enough to not trigger frequent oom from syzkaller.
Signed-off-by: Florian Westphal fw@strlen.de Signed-off-by: Pablo Neira Ayuso pablo@netfilter.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- net/netfilter/x_tables.c | 3 +++ 1 file changed, 3 insertions(+)
--- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c @@ -819,6 +819,9 @@ EXPORT_SYMBOL(xt_check_entry_offsets); */ unsigned int *xt_alloc_entry_offsets(unsigned int size) { + if (size > XT_MAX_TABLE_SIZE / sizeof(unsigned int)) + return NULL; + return kvmalloc_array(size, sizeof(unsigned int), GFP_KERNEL | __GFP_ZERO);
}