On Wed, Jul 26, 2017 at 11:27:16AM +0200, Florian Westphal wrote:
> Taehee Yoo <ap420073@xxxxxxxxx> wrote:
> > If verdict is NF_STOLEN in the SYNPROXY target,
> > the skb is consumed.
> > However, ipt_do_table() always tries to get ip header from the skb.
> > So that, KASAN triggers the use-after-free message.
>
> In case anyone wonders, ip6tables doesn't have this problem
> because we pass *skb, not ip6hdr to ip6_packet_match().

I think it would be good to make this code converge to what ip6tables
is doing while fixing this up?

> arptables has the same bug, it seems (no target returns STOLEN,
> but I think we should fix it there as well).

Yes, even if no target returns what triggers the problem, it's good if
we fix this now so we make sure whatever new extension gets in in the
future works accordingly.

Thanks!
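The failure mode discussed in this thread, as an added userspace C model that is not part of the original message and not kernel code: a rule walk that re-reads the packet header after every target, beside one that re-reads it only when traversal continues. All names are hypothetical, the chain is constructed, and the "re-read only on continue" form is an assumption about one way to avoid the stale access, not the patch under discussion.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: every name here is hypothetical, not a kernel API. */
enum verdict { V_CONTINUE, V_ACCEPT, V_STOLEN };
struct pkt { unsigned char *data; int freed; };   /* stand-in for an skb */
typedef enum verdict (*target_fn)(struct pkt *);

static int stale_reads;   /* header reads attempted on a consumed packet */

/* Stand-in for ip_hdr(skb); counts the stale access instead of performing it. */
static const unsigned char *pkt_hdr(struct pkt *p)
{
    if (p->freed) { stale_reads++; return NULL; }
    return p->data;
}

static enum verdict tgt_continue(struct pkt *p) { (void)p; return V_CONTINUE; }

/* Target that consumes the packet and says so, like a target returning NF_STOLEN. */
static enum verdict tgt_steal(struct pkt *p)
{
    free(p->data); p->data = NULL; p->freed = 1;
    return V_STOLEN;
}

/* refetch_always=1: header re-read after every target (the reported pattern).
 * refetch_always=0: header re-read only when traversal continues (assumed fix). */
static enum verdict walk(struct pkt *p, target_fn *rules, int n, int refetch_always)
{
    const unsigned char *hdr = pkt_hdr(p);
    enum verdict v = V_ACCEPT;
    for (int i = 0; i < n; i++) {
        (void)hdr;              /* a real table would match the rule against hdr */
        v = rules[i](p);
        if (refetch_always || v == V_CONTINUE)
            hdr = pkt_hdr(p);
        if (v != V_CONTINUE)
            break;
    }
    return v;
}

/* Walk a constructed three-rule chain; return the number of stale header reads. */
int stale_reads_for(int refetch_always)
{
    target_fn rules[] = { tgt_continue, tgt_steal, tgt_continue };
    struct pkt p = { calloc(1, 20), 0 };
    stale_reads = 0;
    walk(&p, rules, 3, refetch_always);
    free(p.data);               /* NULL after a steal, so this is a no-op then */
    return stale_reads;
}

int main(void) { printf("%d %d\n", stale_reads_for(1), stale_reads_for(0)); return 0; }
```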