netfilter: nfnetlink_cthelper: unbreak userspace helper support

ummakynes · ummakynes · commit 703acd70f249 · 2020-05-25T20:39:14.000+02:00
Restore helper data size initialization and fix memcopy of the helper data size. Fixes: 157ffff ("netfilter: nfnetlink_cthelper: reject too large userspace allocation requests") Reviewed-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
diff --git a/net/netfilter/nfnetlink_cthelper.c b/net/netfilter/nfnetlink_cthelper.c
@@ -103,7 +103,7 @@ nfnl_cthelper_from_nlattr(struct nlattr *attr, struct nf_conn *ct)
 	if (help->helper->data_len == 0)
 		return -EINVAL;
 
-	nla_memcpy(help->data, nla_data(attr), sizeof(help->data));
+	nla_memcpy(help->data, attr, sizeof(help->data));
 	return 0;
 }
 
@@ -240,6 +240,7 @@ nfnl_cthelper_create(const struct nlattr * const tb[],
 		ret = -ENOMEM;
 		goto err2;
 	}
+	helper->data_len = size;
 
 	helper->flags |= NF_CT_HELPER_F_USERSPACE;
 	memcpy(&helper->tuple, tuple, sizeof(struct nf_conntrack_tuple));

Original file line number	Diff line number	Diff line change
`@@ -103,7 +103,7 @@ nfnl_cthelper_from_nlattr(struct nlattr attr, struct nf_conn ct)`
`103`	`103`	`if (help->helper->data_len == 0)`
`104`	`104`	`return -EINVAL;`
`105`	`105`
`106`		`- nla_memcpy(help->data, nla_data(attr), sizeof(help->data));`
	`106`	`+ nla_memcpy(help->data, attr, sizeof(help->data));`
`107`	`107`	`return 0;`
`108`	`108`	`}`
`109`	`109`
`@@ -240,6 +240,7 @@ nfnl_cthelper_create(const struct nlattr * const tb[],`
`240`	`240`	`ret = -ENOMEM;`
`241`	`241`	`goto err2;`
`242`	`242`	`}`
	`243`	`+ helper->data_len = size;`
`243`	`244`
`244`	`245`	`helper->flags \|= NF_CT_HELPER_F_USERSPACE;`
`245`	`246`	`memcpy(&helper->tuple, tuple, sizeof(struct nf_conntrack_tuple));`