Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > This patch introduces the generic __xt_entry_foreach() that includes a > new parameter to account for remaining entry bytes in the table that we > didn't walk so far. If the amount of remaining bytes is zero, then we > keep validating this table, otherwise for < 0 we just reject this. > > Reported-by: Ben Hawkes <hawkes@xxxxxxxxxx> > Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> > --- > Slightly tested here, will be spinning on this again with more testing > tomorrow morning. I'll appreciate any extra hand on testing this > further. I have a patch queued (not yet sent) that makes this patch obsolete. Basically UBSAN reports further bugs because we fail to test e + e->next_offset <= limit. Since e->next_offset not only is the next offset but (implicitly) also the size of this rule check_entry_size_and_hooks() should check that the alleged rule size is at least the limit (end-of-blob). -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
