From 26a61f56cc572f0eb7e38f1401f994ee07fd818c Mon Sep 17 00:00:00 2001
From: pr-hung <bkedx0000@gmail.com>
Date: Thu, 25 Dec 2025 13:20:17 +0800
Subject: [PATCH] Fix potential vulnerability in cloned code
 (net/bridge/netfilter/ebtables.c)

---
 net/bridge/netfilter/ebtables.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 653d72979e..a73f991eec 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -2079,13 +2079,22 @@ static int size_entry_mwt(struct ebt_entry *entry, const unsigned char *base,
 	 * offsets are relative to beginning of struct ebt_entry (i.e., 0).
 	 */
 	for (i = 0; i < 4 ; ++i) {
+	for (i = 0; i < 4 ; ++i) {
+		if (offsets[i] >= *total)
 		if (offsets[i] >= *total)
 			return -EINVAL;
+			return -EINVAL;
 		if (i == 0)
+		if (i == 0)
+			continue;
 			continue;
 		if (offsets[i-1] > offsets[i])
+		if (offsets[i-1] > offsets[i])
+			return -EINVAL;
 			return -EINVAL;
 	}
+	}
+
 
 	for (i = 0, j = 1 ; j < 4 ; j++, i++) {
 		struct compat_ebt_entry_mwt *match32;