twx-linux/include
Dan Carpenter c301f0981f netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
The problem is in nft_byteorder_eval() where we are iterating through a
loop and writing to dst[0], dst[1], dst[2] and so on...  On each
iteration we are writing 8 bytes.  But dst[] is an array of u32 so each
element only has space for 4 bytes.  That means that every iteration
overwrites part of the previous element.

I spotted this bug while reviewing commit caf3ef7468f7 ("netfilter:
nf_tables: prevent OOB access in nft_byteorder_eval") which is a related
issue.  I think that the reason we have not detected this bug in testing
is that most of the time we only write one element.

Fixes: ce1e7989d989 ("netfilter: nft_byteorder: provide 64bit le/be conversion")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2023-11-14 16:16:21 +01:00
..
acpi
asm-generic Kbuild updates for v6.7 2023-11-04 08:07:19 -10:00
clocksource
crypto
drm drm next and fixes for 6.7-rc1 2023-11-07 17:10:02 -08:00
dt-bindings linux-watchdog 6.7-rc1 tag 2023-11-09 13:54:25 -08:00
keys
kunit
kvm
linux net: mdio: fix typo in header 2023-11-13 11:02:30 +00:00
math-emu
media
memory
misc
net netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() 2023-11-14 16:16:21 +01:00
pcmcia
ras
rdma
rv
scsi SCSI misc on 20231102 2023-11-02 15:13:50 -10:00
soc IOMMU Updates for Linux v6.7 2023-11-09 13:37:28 -08:00
sound
target
trace Many singleton patches against the MM code. The patch series which are 2023-11-02 19:38:47 -10:00
uapi Including fixes from netfilter and bpf. 2023-11-09 17:09:35 -08:00
ufs
vdso
video
xen