Pablo Neira Ayuso <[email protected]> writes: > From: Florian Westphal <[email protected]> > > We have targets and standard targets -- the latter carries a verdict. > > The ip/ip6tables validation functions will access t->verdict for the > standard targets to fetch the jump offset or verdict for chainloop > detection, but this happens before the targets get checked/validated. > > Thus we also need to check for verdict presence here, else t->verdict > can point right after a blob. > > Spotted with UBSAN while testing malformed blobs.
This breaks iptables on PPC32. # iptables -nL iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. # modprobe iptable-filter FATAL: Error inserting iptable_filter (/lib/modules/4.7.0-rc1/kernel/net/ipv4/netfilter/iptable_filter.ko): Invalid argument Andreas. -- Andreas Schwab, [email protected] GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different."
