3rd iteration.
In addition to the problem reported by Ben Hawkes this also adds
a few checks to better validate ->next_offset and the target.
I checked that ip(6)tables-restore still works w. simple rulesets.
The reproducer doesn't work anymore w. patch #4 applied.
Ben Hawkes reported an out-of-bounds write in mark_source_chains().
This was caused by improper underflow check -- we should have bailed
earlier.
The underflow check has been fixed in the preceding change
("netfilter: x_tables: fix unconditional helper").
Just to be safe also add checks to
We should check that e->target_offset is sane before
mark_source_chains gets called since it will fetch the target entry
for loop detection.
Signed-off-by: Florian Westphal
---
net/ipv4/netfilter/arp_tables.c | 17 -
net/ipv4/netfilter/ip_tables.c | 17
Otherwise this function may read data beyond the ruleset blob.
Signed-off-by: Florian Westphal
---
net/ipv4/netfilter/arp_tables.c | 6 --
net/ipv4/netfilter/ip_tables.c | 6 --
net/ipv6/netfilter/ip6_tables.c | 6 --
3 files changed, 12 insertions(+), 6
On Tue, 2016-03-22 at 08:21 -0700, Eric Dumazet wrote:
> On Tue, 2016-03-22 at 23:08 +0800, Baozeng Ding wrote:
> > Hi all,
> >
> > The following program triggers an out-of-bounds bug in
> > sctp_getsockopt. The kernel version is 4.5 (on Mar 16
> > commit
On 21/03/16 23:13, Pablo Neira Ayuso wrote:
On Tue, Mar 15, 2016 at 09:28:07PM +0100, Carlos Falgueras García wrote:
Now it is possible to store multiple variable length user data into rule.
Modify the parser in order to fill the nftnl_udata with the comment, and
the print function for extract
On 21/03/16 23:10, Pablo Neira Ayuso wrote:
On Tue, Mar 15, 2016 at 09:28:04PM +0100, Carlos Falgueras García wrote:
These functions allow creating a buffer (nftnl_udata_buf) of TLV objects
(nftnl_udata). It is inspired by libmnl/src/attr.c. It can be used to store
several variable length user
On Mon, Mar 21, 2016 at 11:15:19AM -0700, Jarno Rajahalme wrote:
> OVS should call into CT NAT for packets of new expected connections only
> when the conntrack state is persisted with the 'commit' option to the
> OVS CT action. The test for this condition is doubly wrong, as the CT
> status