netfilter match bypass default check: fix in kernel 3.18 4.4 4.9

target/linux/generic/pending-3.18/610-netfilter_match_bypass_default_checks.patch

@@ -67,11 +67,10 @@
  
  	counters = alloc_counters(table);
  	if (IS_ERR(counters))
-@@ -972,6 +1001,14 @@ copy_entries_to_user(unsigned int total_
+@@ -973,6 +1002,14 @@ copy_entries_to_user(unsigned int total_
- 			ret = -EFAULT;
  			goto free_counters;
  		}
-+
+ 
 +		flags = e->ip.flags & IPT_F_MASK;
 +		if (copy_to_user(userptr + off
 +				 + offsetof(struct ipt_entry, ip.flags),
@@ -79,6 +78,24 @@
 +			ret = -EFAULT;
 +			goto free_counters;
 +		}
- 
++
  		for (i = sizeof(struct ipt_entry);
  		     i < e->target_offset;
+ 		     i += m->u.match_size) {
+@@ -1379,12 +1416,15 @@ compat_copy_entry_to_user(struct ipt_ent
+ 	compat_uint_t origsize;
+ 	const struct xt_entry_match *ematch;
+ 	int ret = 0;
++	u8 flags = e->ip.flags & IPT_F_MASK;
+ 
+ 	origsize = *size;
+ 	ce = (struct compat_ipt_entry __user *)*dstptr;
+ 	if (copy_to_user(ce, e, sizeof(struct ipt_entry)) != 0 ||
+ 	    copy_to_user(&ce->counters, &counters[i],
+-	    sizeof(counters[i])) != 0)
++	    sizeof(counters[i])) != 0 ||
++	    copy_to_user(&ce->ip.flags, &flags,
++	    sizeof(flags)) != 0)
+ 		return -EFAULT;
+ 
+ 	*dstptr += sizeof(struct compat_ipt_entry);

target/linux/generic/pending-4.4/610-netfilter_match_bypass_default_checks.patch

@@ -67,11 +67,10 @@
  
  	counters = alloc_counters(table);
  	if (IS_ERR(counters))
-@@ -974,6 +1003,14 @@ copy_entries_to_user(unsigned int total_
+@@ -975,6 +1004,14 @@ copy_entries_to_user(unsigned int total_
- 			ret = -EFAULT;
  			goto free_counters;
  		}
-+
+ 
 +		flags = e->ip.flags & IPT_F_MASK;
 +		if (copy_to_user(userptr + off
 +				 + offsetof(struct ipt_entry, ip.flags),
@@ -79,6 +78,24 @@
 +			ret = -EFAULT;
 +			goto free_counters;
 +		}
- 
++
  		for (i = sizeof(struct ipt_entry);
  		     i < e->target_offset;
+ 		     i += m->u.match_size) {
+@@ -1380,12 +1417,15 @@ compat_copy_entry_to_user(struct ipt_ent
+ 	compat_uint_t origsize;
+ 	const struct xt_entry_match *ematch;
+ 	int ret = 0;
++	u8 flags = e->ip.flags & IPT_F_MASK;
+ 
+ 	origsize = *size;
+ 	ce = (struct compat_ipt_entry __user *)*dstptr;
+ 	if (copy_to_user(ce, e, sizeof(struct ipt_entry)) != 0 ||
+ 	    copy_to_user(&ce->counters, &counters[i],
+-	    sizeof(counters[i])) != 0)
++	    sizeof(counters[i])) != 0 ||
++	    copy_to_user(&ce->ip.flags, &flags,
++	    sizeof(flags)) != 0)
+ 		return -EFAULT;
+ 
+ 	*dstptr += sizeof(struct compat_ipt_entry);

target/linux/generic/pending-4.9/610-netfilter_match_bypass_default_checks.patch

@@ -76,11 +76,10 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  
  	counters = alloc_counters(table);
  	if (IS_ERR(counters))
-@@ -850,6 +879,14 @@ copy_entries_to_user(unsigned int total_
+@@ -851,6 +880,14 @@ copy_entries_to_user(unsigned int total_
- 			ret = -EFAULT;
  			goto free_counters;
  		}
-+
+ 
 +		flags = e->ip.flags & IPT_F_MASK;
 +		if (copy_to_user(userptr + off
 +				 + offsetof(struct ipt_entry, ip.flags),
@@ -88,6 +87,24 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +			ret = -EFAULT;
 +			goto free_counters;
 +		}
- 
++
  		for (i = sizeof(struct ipt_entry);
  		     i < e->target_offset;
+ 		     i += m->u.match_size) {
+@@ -1240,12 +1277,15 @@ compat_copy_entry_to_user(struct ipt_ent
+ 	compat_uint_t origsize;
+ 	const struct xt_entry_match *ematch;
+ 	int ret = 0;
++	u8 flags = e->ip.flags & IPT_F_MASK;
+ 
+ 	origsize = *size;
+ 	ce = (struct compat_ipt_entry __user *)*dstptr;
+ 	if (copy_to_user(ce, e, sizeof(struct ipt_entry)) != 0 ||
+ 	    copy_to_user(&ce->counters, &counters[i],
+-	    sizeof(counters[i])) != 0)
++	    sizeof(counters[i])) != 0 ||
++	    copy_to_user(&ce->ip.flags, &flags,
++	    sizeof(flags)) != 0)
+ 		return -EFAULT;
+ 
+ 	*dstptr += sizeof(struct compat_ipt_entry);