git.ipfire.org Git - thirdparty/nftables.git/commit

]> git.ipfire.org Git - thirdparty/nftables.git/commit

projects / thirdparty / nftables.git / commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 20 Oct 2020 19:24:36 +0000 (21:24 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 20 Oct 2020 19:27:01 +0000 (21:27 +0200)
commit	f1786e55b9ea0baa1357c0289b551407bf15b417
tree	7d36f3c7a9bc95831eba3e834cdeaff874bcb9c7	tree \| snapshot
parent	c85a7b0faad897b094b95153212ce351140721ea	commit \| diff

segtree: UAF in interval_map_decompose()

reported by tests/monitor# bash run-tests.sh
...
SUMMARY: AddressSanitizer: heap-use-after-free /home/pablo/devel/scm/git-netfilter/nftables/src/expression.c:1385 in expr_ops

Due to incorrect structure layout when calling interval_expr_copy().

Fixes: c1f0476fd590 ("segtree: copy expr data to closing element")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

src/segtree.c

diff | blob | blame | history

Mirror of git://git.netfilter.org/nftables

RSS Atom