mnl: fix crashes when using sets with many elements
nft crashes when adding many elements into a set for two reasons:
1) The overflow of the nla_len field for the NFTA_SET_ELEM_LIST_ELEMENTS
attribute.
2) Out-of-bound memory writes to the reserved area for the netlink
message, which is solved by the patch entitled ("mnl: introduce
NFT_NLMSG_MAXSIZE").
This patch adds the corresponding nla_len overflow check for
NFTA_SET_ELEM_LIST_ELEMENTS and it splits the elements in several
netlink messages. This should be enough when set updates are handled
by the transaction infrastructure.
With this patch, nft should be now capable of adding an unlimited
number of elements to a given set.
Fixes: https://bugzilla.netfilter.org/show_bug.cgi?id=898 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
projects / thirdparty / nftables.git / commit
