diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2025-04-17 21:40:23 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2025-04-21 23:52:27 +0200 |
| commit | 2fbade3cd9900fe7f87ac660b6ac44544e238206 (patch) | |
| tree | 79361f80534444d89b3b0ee4457708272fd1ed7e /include/utils.h | |
| parent | 2c41c82296c70203f4781fb976ee0f05629fba44 (diff) | |
netlink: bogus concatenated set ranges with netlink message overrun
When building each component of the set element key, a late byteorder
switch is performed to ensure that all components in the interval are
represented in big endian, as required by the pipapo backend.
In case that the set element does not fit into the netlink message, the
byteorder switch happens twice, leading to inserting an element with a
bogus component with large sets, so instead:
"lo" . 00:11:22:33:44:55 . 10.1.2.3 comment "123456789012345678901234567890"
listing reports:
16777216 . 00:11:22:33:44:55 . 10.1.2.3 comment "123456789012345678901234567890"
Note that 16777216 is 0x1000000, which should instead be 0x00000001 to
represent "lo" as u32.
Fix this by switching the value in a temporary variable and use it to
set the set element key attribute in the netlink message.
Later, revisit this to perform this byteorder switch from evaluation
step.
Add tests/shell unit to cover for this bug.
Closes: http://bugzilla.netfilter.org/show_bug.cgi?id=1792
Fixes: 8ac2f3b2fca3 ("src: Add support for concatenated set ranges")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/utils.h')
0 files changed, 0 insertions, 0 deletions