On Fri, 2022-08-19 at 16:05 +0100, Jeremy Sowden wrote:
> The related nftables bug is:
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017359
>
> [ Reason ]
> nftables uses a fixed-size array containing the locations of the
> expressions within each rule that it sends to the kernel to provide more
> informative error-reporting. If the rule is rejected by the kernel, the
> kernel will provide an ID for the expression which was responsible, and
> nftables will use this to highlight it when outputting the rule in the
> error message:
>
> # nft add rule t c iif lo reject with icmp 255
> Error: Could not process rule: Invalid argument
> add rule t c iif lo reject with icmp 255
> ^^^^^^
>
> There is an off-by-one error in the bounds-checking used before adding
> the details of an expression to this array. The result of this is that
> if a rule contains enough expressions, nftables will write past the end
> of the array leading to memory-corruption and possibly crashes.
>
The debdiff is somewhat confusing.

+nftables (0.9.8-3.2) unstable; urgency=medium

This is an upload to bullseye, not unstable. Additionally, the version should be 0.9.8-3.1+deb11u1.

+ -- Sven Auhagen <[email protected]>  Sat, 16 Jul 2022 11:29:27 +0200

Who is this? It's obviously not you, but also doesn't appear to be related to the nftables bug report you mentioned.

Regards,

Adam
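The bug class Jeremy describes, as a constructed C illustration added here (not nftables' own code; every name in it is hypothetical): a fixed-size expression-location table with the off-by-one bounds check beside the corrected one, plus the caret-line highlighting that the quoted error output relies on.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed illustration of the bug class the report describes, not nftables'
 * own code: a fixed-size table of where each expression sits in the rule text,
 * consulted when the kernel reports the id of the expression it rejected. */
#define MAX_EXPRS 2

struct loc_table {
    size_t offset[MAX_EXPRS];  /* start of each expression's text in the rule */
    size_t len[MAX_EXPRS];     /* and its length */
    size_t count;              /* expressions recorded so far */
};

/* The off-by-one: with count == MAX_EXPRS this still reports "not full", so
 * the next store would land at index MAX_EXPRS, one element past the end. */
static bool loc_table_full_buggy(const struct loc_table *t)
{
    return t->count > MAX_EXPRS;   /* wrong comparison */
}

/* Corrected bounds check: the table is full once count reaches MAX_EXPRS. */
static bool loc_table_full(const struct loc_table *t)
{
    return t->count >= MAX_EXPRS;
}

/* Records an expression's location; returns its id, or -1 if the table is full. */
static int loc_table_add(struct loc_table *t, size_t offset, size_t len)
{
    if (loc_table_full(t))
        return -1;
    t->offset[t->count] = offset;
    t->len[t->count] = len;
    return (int)t->count++;
}

/* Builds the caret line that marks the flagged expression under the rule text,
 * as in the error output quoted above; out must hold line_len + 1 bytes. */
static void loc_table_highlight(const struct loc_table *t, int id,
                                size_t line_len, char *out)
{
    memset(out, ' ', line_len);
    out[line_len] = '\0';
    if (id < 0 || (size_t)id >= t->count)
        return;                    /* unknown id: leave the line blank */
    for (size_t i = t->offset[id]; i < t->offset[id] + t->len[id] && i < line_len; i++)
        out[i] = '^';
}
```

With the buggy predicate a third `loc_table_add` on a two-slot table would store at index 2; the corrected check refuses it and returns -1 instead.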

