On Mon, Mar 20, 2017 at 10:35:22PM +0800, Liping Zhang wrote: > From: Liping Zhang <zlpnobody@xxxxxxxxx> > > In nfct_helper_nlmsg_build_policy(), we always set the attribute type to > NFCTH_POLICY_SET, so we cannot add more than one nfct_helper_policy to > the kernel. > > Also: in nfct_helper_nlmsg_parse_policy(), we will increase the > helper->policy_num for each nfct_helper_policy, but we mistakenly set it > to the total number of nfct_helper_policy. So when the total number is > more than 3, later out of bound access will happen. Applied, thanks Liping. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
