git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
iptables: fix memory corruption when parsing nft rules
author Christian Taedcke <christian.taedcke@weidmueller.com>
Wed, 24 Jul 2024 09:03:38 +0000 (11:03 +0200)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Fri, 26 Jul 2024 10:54:28 +0000 (11:54 +0100)
commit 461d6333dabacdc181c91f31a8dd4ad6682cc0e4
tree 865053372d4e1fe89711e92a10337e0ce3b3629a
parent aa50e6bc8dcb3f5870e1fa285ec5ab997a7a59cf
iptables: fix memory corruption when parsing nft rules

This commit fixes a memory corruption issue when iptables (with
enabled PACKAGECONFIG libnftnl) is used to access rules created by
nft.

To reproduce the issue:
nft add chain ip filter TESTCHAIN { meta mark set 123 \;}
iptables -t filter -n -L TESTCHAIN

This produced the following output:
Chain TESTCHAIN (0 references)
target prot opt source     destination
MARK   0    --  0.0.0.0/0  0.0.0.0/0     MARK set 0x7b
malloc(): corrupted top size
Aborted (core dumped)

This commit fixes this issue.

Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-extended/iptables/iptables/0002-nft-ruleparse-Add-missing-braces-around-ternary.patch [new file with mode: 0644]
meta/recipes-extended/iptables/iptables_1.8.10.bb
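The patch listed above is not reproduced on this page, so what follows is an added C example, not the iptables code and not the content of 0002-nft-ruleparse-Add-missing-braces-around-ternary.patch. It illustrates the general pitfall a "missing braces around ternary" fix addresses: `+` binds tighter than `?:`, so a size computed without parentheses comes out smaller than intended, and a write sized by the correct length then spills past the allocation. On glibc a spill into the heap's top chunk is what the "malloc(): corrupted top size" abort in the commit message reports. The record layout (8-byte header, 4-byte mark or 8-byte counter payload), the function names and the bounded serializer are all constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout, not iptables' own: a serialized target is a fixed
 * header followed by either a 4-byte mark or an 8-byte counter payload. */
#define HEADER_LEN  8u
#define MARK_LEN    4u
#define COUNTER_LEN 8u

/* Buggy size computation.  `+` binds tighter than `?:`, so C reads this as
 *   (HEADER_LEN + is_mark) ? MARK_LEN : COUNTER_LEN
 * The sum is never zero, so the result is MARK_LEN (4) for every input:
 * the header is never counted and the counter variant is undersized too. */
size_t target_size_buggy(int is_mark)
{
    return HEADER_LEN + is_mark ? MARK_LEN : COUNTER_LEN;
}

/* Fixed computation: parentheses force the intended grouping. */
size_t target_size_fixed(int is_mark)
{
    return HEADER_LEN + (is_mark ? MARK_LEN : COUNTER_LEN);
}

/* Bytes a correctly sized write would spill past a buffer allocated with
 * the buggy size.  On glibc, overwriting the top chunk's size field this
 * way is what "malloc(): corrupted top size" reports at the next malloc. */
size_t overflow_bytes(int is_mark)
{
    return target_size_fixed(is_mark) - target_size_buggy(is_mark);
}

/* Bounded serializer: writes header + payload into `buf`, or returns 0
 * without touching `buf` when `cap` is too small.  Checking every write
 * against an explicit capacity turns a silent heap overwrite into an
 * error the caller can see at the point of the mistake. */
size_t serialize_target(unsigned char *buf, size_t cap, int is_mark,
                        unsigned long long value)
{
    size_t payload = is_mark ? MARK_LEN : COUNTER_LEN;
    size_t need = HEADER_LEN + payload;
    if (cap < need)
        return 0;
    memset(buf, 0, HEADER_LEN);
    buf[0] = is_mark ? 1 : 2;             /* constructed type tag */
    for (size_t i = 0; i < payload; i++)  /* little-endian payload */
        buf[HEADER_LEN + i] = (unsigned char)(value >> (8 * i));
    return need;
}

/* Convenience wrapper over a fixed 32-byte scratch buffer, so the bounds
 * check can be exercised with just a capacity and a type. */
size_t serialize_demo(size_t cap, int is_mark)
{
    static unsigned char scratch[32];
    if (cap > sizeof scratch)
        return 0;
    return serialize_target(scratch, cap, is_mark, 0x7b);
}

int main(void)
{
    for (int is_mark = 0; is_mark <= 1; is_mark++)
        printf("is_mark=%d buggy=%zu fixed=%zu overflow=%zu bytes\n",
               is_mark, target_size_buggy(is_mark),
               target_size_fixed(is_mark), overflow_bytes(is_mark));
    printf("mark 0x7b into a 16-byte buffer -> %zu bytes written\n",
           serialize_demo(16, 1));
    printf("mark 0x7b into a buffer sized by the buggy formula -> %zu\n",
           serialize_demo(target_size_buggy(1), 1));
    return 0;
}
```

Compiling with `-Wall` is worth doing on code like this: recent GCC and Clang flag the buggy expression (an arithmetic result used as a `?:` condition), which is the cheapest way to catch this class of precedence bug before it reaches a heap.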