[PATCH nf] netfilter: nf_nat: range size must be at least 1

Florian Westphal Mon, 12 Feb 2018 16:51:07 -0800

 divide error: 0000 [#1] SMP KASAN
 RIP: 0010:nf_nat_l4proto_unique_tuple+0x291/0x530
 net/netfilter/nf_nat_proto_common.c:88


looks like a day 0 bug.
Avoid this by forcing a min_range of 1.

Reported-by: <syzbot+8012e198bd037f487...@syzkaller.appspotmail.com>
Signed-off-by: Florian Westphal <f...@strlen.de>
---
 net/netfilter/nf_nat_proto_common.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/netfilter/nf_nat_proto_common.c 
b/net/netfilter/nf_nat_proto_common.c
index fbce552a796e..2d1fc3722ed2 100644
--- a/net/netfilter/nf_nat_proto_common.c
+++ b/net/netfilter/nf_nat_proto_common.c
@@ -72,6 +72,8 @@ void nf_nat_l4proto_unique_tuple(const struct nf_nat_l3proto 
*l3proto,
        } else {
                min = ntohs(range->min_proto.all);
                range_size = ntohs(range->max_proto.all) - min + 1;
+               if (range_size == 0)
+                       range_size = 1;
        }
 
        if (range->flags & NF_NAT_RANGE_PROTO_RANDOM) {
-- 
2.13.6

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH nf] netfilter: nf_nat: range size must be at least 1

Reply via email to