[LTP] [PATCH] cve-2016-4997: Provide fallback for xt_entry structs
Richard Palethorpe
rpalethorpe@suse.com
Wed Aug 2 16:24:22 CEST 2017
Old systems (i.e. SLE10) do not have xt_entry_match and/or xt_entry_target.
Signed-off-by: Richard Palethorpe <rpalethorpe@suse.com>
---
configure.ac | 1 +
m4/ltp-x_tables.m4 | 24 ++++++++++++++++++++++++
testcases/cve/cve-2016-4997.c | 37 +++++++++++++++++++++++++++++++++++++
3 files changed, 62 insertions(+)
create mode 100644 m4/ltp-x_tables.m4
diff --git a/configure.ac b/configure.ac
index 223241c78..23e583dd8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -193,5 +193,6 @@ LTP_CHECK_SYNC_ADD_AND_FETCH
LTP_CHECK_BUILTIN_CLEAR_CACHE
LTP_CHECK_MMSGHDR
LTP_CHECK_UNAME_DOMAINNAME
+LTP_CHECK_X_TABLES
AC_OUTPUT
diff --git a/m4/ltp-x_tables.m4 b/m4/ltp-x_tables.m4
new file mode 100644
index 000000000..cd6a600c7
--- /dev/null
+++ b/m4/ltp-x_tables.m4
@@ -0,0 +1,24 @@
+dnl Copyright (c) 2017 Richard Palethorpe <rpalethorpe@suse.com>
+dnl
+dnl This program is free software; you can redistribute it and/or modify
+dnl it under the terms of the GNU General Public License as published by
+dnl the Free Software Foundation; either version 2 of the License, or
+dnl (at your option) any later version.
+dnl
+dnl This program is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
+dnl the GNU General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU General Public License
+dnl along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+AC_DEFUN([LTP_CHECK_X_TABLES],[
+AC_CHECK_TYPES([struct xt_entry_match, struct xt_entry_target],,,[
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <net/if.h>
+#include <limits.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+])
+])
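Review bot: `LTP_CHECK_X_TABLES` has no `dnl` line saying which symbols it produces or why four headers precede `ip_tables.h` in the probe. The include list appears to mirror the one in testcases/cve/cve-2016-4997.c (`sys/types.h` and `netinet/in.h` are visible in that file's first hunk). If the two lists diverge, the configure probe can disagree with what the test actually compiles against. A line such as `dnl Defines HAVE_STRUCT_XT_ENTRY_MATCH / HAVE_STRUCT_XT_ENTRY_TARGET; keep includes in sync with testcases/cve/cve-2016-4997.c` above `AC_DEFUN` would make that explicit.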
diff --git a/testcases/cve/cve-2016-4997.c b/testcases/cve/cve-2016-4997.c
index a413b561e..2d99865b7 100644
--- a/testcases/cve/cve-2016-4997.c
+++ b/testcases/cve/cve-2016-4997.c
@@ -27,6 +27,7 @@
* a user namespace.
*/
+#include <stdint.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
@@ -45,6 +46,42 @@
+ sizeof(struct xt_entry_target))
#define PADDING (OFFSET_OVERWRITE - NEXT_OFFSET)
+#ifndef HAVE_STRUCT_XT_ENTRY_MATCH
+struct xt_entry_match {
+ union {
+ struct {
+ uint16_t match_size;
+ char name[29];
+ uint8_t revision;
+ } user;
+ struct {
+ uint16_t match_size;
+ void *match;
+ } kernel;
+ uint16_t match_size;
+ } u;
+ unsigned char data[0];
+};
+#endif
+
+#ifndef HAVE_STRUCT_XT_ENTRY_TARGET
+struct xt_entry_target {
+ union {
+ struct {
+ uint16_t target_size;
+ char name[29];
+ uint8_t revision;
+ } user;
+ struct {
+ uint16_t target_size;
+ void *target;
+ } kernel;
+ uint16_t target_size;
+ } u;
+ unsigned char data[0];
+};
+#endif
+
struct payload {
struct ipt_replace repl;
struct ipt_entry ent;
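Review bot: The fallback `struct xt_entry_match` and `struct xt_entry_target` definitions hand-copy a kernel ABI layout with a bare `29` and no comment. The macro lines just above them size the payload with `sizeof(struct xt_entry_target)`, so a layout that drifts from the kernel's would shift the offsets the test depends on without any build error. I would add a comment on each block such as `/* Fallback copy of the layout in <linux/netfilter/x_tables.h>; 29 is XT_EXTENSION_MAXNAMELEN */`. The `#ifndef HAVE_STRUCT_XT_ENTRY_*` guards also rely on `config.h` being included before this point, which the visible include lines do not show; if it is not, the fallback would be compiled on systems that already have the types, so that is worth confirming. `struct payload` continues outside the hunk.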
--
2.13.3