rpms/nftables
7
0
Fork 0
Code Issues Pull Requests Releases Activity
859c03055c
nftables/0031-netlink_delinearize-Sanitize-concat-data-element-dec.patch
Phil Sutter 859c03055c nftables-1.0.4-10.el9 
* Tue Feb 21 2023 Phil Sutter <psutter@redhat.com> [1.0.4-10.el9]
- netlink_delinearize: Sanitize concat data element decoding (Phil Sutter) [2160049]
- optimize: Clarify chain_optimize() array allocations (Phil Sutter) [2160049]
- optimize: Do not return garbage from stack (Phil Sutter) [2160049]
- netlink: Fix for potential NULL-pointer deref (Phil Sutter) [2160049]
- meta: parse_iso_date() returns boolean (Phil Sutter) [2160049]
- mnl: dump_nf_hooks() leaks memory in error path (Phil Sutter) [2160049]
- owner: Fix potential array out of bounds access (Phil Sutter) [2160049]
Resolves: rhbz#2160049
2023-02-21 19:53:35 +01:00

43 lines
1.5 KiB
Diff
Raw Blame History

From 05407602f79391e89e57ef5c4a1a0aea720855e2 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Tue, 21 Feb 2023 19:50:41 +0100
Subject: [PATCH] netlink_delinearize: Sanitize concat data element decoding
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2160049
Upstream Status: nftables commit 1344d9e53ba4d
commit 1344d9e53ba4d67cedd13a2c76a970fc7ce65683
Author: Phil Sutter <phil@nwl.cc>
Date: Tue Feb 21 18:36:01 2023 +0100
netlink_delinearize: Sanitize concat data element decoding
The call to netlink_get_register() might return NULL, catch this before
dereferencing the pointer.
Fixes: db59a5c1204c9 ("netlink_delinearize: fix decoding of concat data element")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
src/netlink_delinearize.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index e9e0845..cadb8ec 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1660,7 +1660,7 @@ static void netlink_parse_dynset(struct netlink_parse_ctx *ctx,
sreg_data = netlink_parse_register(nle, NFTNL_EXPR_DYNSET_SREG_DATA);
expr_data = netlink_get_register(ctx, loc, sreg_data);
- if (expr_data->len < set->data->len) {
+ if (expr_data && expr_data->len < set->data->len) {
expr_free(expr_data);
expr_data = netlink_parse_concat_expr(ctx, loc, sreg_data, set->data->len);
if (expr_data == NULL)
--
2.39.2
Reference in New Issue View Git Blame Copy Permalink