netfilter: nft_meta: fix wrong value dereference in nft_meta_set_eval - linux

diff options

author	Taehee Yoo <ap420073@gmail.com>	2018-05-17 15:49:49 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-05-23 09:29:05 +0200
commit	97a0549b15a0b466c47f6a0143a490a082c64b4e (patch)
tree	22910c45a0161744e71401a1a813400fc2b4067d /net/netlink
parent	netfilter: ebtables: handle string from userspace with care (diff)
download	linux-97a0549b15a0b466c47f6a0143a490a082c64b4e.tar.xz linux-97a0549b15a0b466c47f6a0143a490a082c64b4e.zip

netfilter: nft_meta: fix wrong value dereference in nft_meta_set_eval

In the nft_meta_set_eval, nftrace value is dereferenced as u32 from sreg. But correct type is u8. so that sometimes incorrect value is dereferenced. Steps to reproduce: %nft add table ip filter %nft add chain ip filter input { type filter hook input priority 4\; } %nft add rule ip filter input nftrace set 0 %nft monitor Sometimes, we can see trace messages. trace id 16767227 ip filter input packet: iif "enp2s0" ether saddr xx:xx:xx:xx:xx:xx ether daddr xx:xx:xx:xx:xx:xx ip saddr 192.168.0.1 ip daddr 255.255.255.255 ip dscp cs0 ip ecn not-ect ip trace id 16767227 ip filter input rule nftrace set 0 (verdict continue) trace id 16767227 ip filter input verdict continue trace id 16767227 ip filter input Signed-off-by: Taehee Yoo <ap420073@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'net/netlink')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: