git.ipfire.org Git - thirdparty/libnftnl.git/commit

]> git.ipfire.org Git - thirdparty/libnftnl.git/commit

projects / thirdparty / libnftnl.git / commit

author	Florian Westphal <fw@strlen.de>
	Tue, 12 Dec 2023 14:01:17 +0000 (15:01 +0100)
committer	Florian Westphal <fw@strlen.de>
	Tue, 12 Dec 2023 15:11:15 +0000 (16:11 +0100)
commit	bc2afbde9eae491bcef23ef5b24b25c7605ad911
tree	becc43a77fdf77975b5cfa3f61de8dea7cf4ee7c	tree \| snapshot
parent	ff117f50d2f99c03a65b4952b1a6988a8adc700f	commit \| diff

expr: fix buffer overflows in data value setters

The data value setters memcpy() to a fixed-size buffer, but its very easy
to make nft pass too-larger values. Example:
@th,160,1272 gt 0

ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60b000[..]

Truncate the copy instead of corrupting the heap.
This needs additional fixes on nft side to reject such statements with a
proper error message.

Signed-off-by: Florian Westphal <fw@strlen.de>

include/data_reg.h		diff \| blob \| blame \| history
src/expr/bitwise.c		diff \| blob \| blame \| history
src/expr/cmp.c		diff \| blob \| blame \| history
src/expr/data_reg.c		diff \| blob \| blame \| history
src/expr/immediate.c		diff \| blob \| blame \| history
src/expr/range.c		diff \| blob \| blame \| history

Mirror of https://git.netfilter.org/libnftnl

RSS Atom