]> git.ipfire.org Git - thirdparty/nftables.git/commit
projects / thirdparty / nftables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4624217) | patch
netlink: don't crash if prefix for < byte is requested
authorFlorian Westphal <fw@strlen.de>
Thu, 14 Dec 2023 14:39:27 +0000 (15:39 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 22 Jan 2025 23:41:53 +0000 (00:41 +0100)
commit558fc21bdf8c06e20398d9f671219db2643b9117
tree8e526403e86cea1bdd7625144d695844bc46b2ebtree | snapshot
parent46242174ca49fa298fe750ba14a384aa634eb030commit | diff
netlink: don't crash if prefix for < byte is requested

commit 0404ff08b3c18052e6689d75fa85275d3cef7e8e upstream.

If prefix is used with a datatype that has less than 8 bits an
assertion is triggered:

src/netlink.c:243: netlink_gen_raw_data: Assertion `len > 0' failed.

This is esoteric, the alternative would be to restrict prefixes
to ipv4/ipv6 addresses.

Simpler fix is to use round_up instead of divide.

Signed-off-by: Florian Westphal <fw@strlen.de>
src/netlink_linearize.c diff | blob | blame | history
tests/py/ip/ip.t diff | blob | blame | history
tests/py/ip/ip.t.json diff | blob | blame | history
tests/py/ip/ip.t.payload diff | blob | blame | history
tests/py/ip/ip.t.payload.bridge diff | blob | blame | history
tests/py/ip/ip.t.payload.inet diff | blob | blame | history
tests/py/ip/ip.t.payload.netdev diff | blob | blame | history
Mirror of git://git.netfilter.org/nftables