2017-07-26 20:06 GMT+09:00 Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>:
> On Wed, Jul 26, 2017 at 11:27:16AM +0200, Florian Westphal wrote:
>> Taehee Yoo <ap420073@xxxxxxxxx> wrote:
>> > If verdict is NF_STOLEN in the SYNPROXY target,
>> > the skb is consumed.
>> > However, ipt_do_table() always tries to get ip header from the skb.
>> > So that, KASAN triggers the use-after-free message.
>>
>> In case anyone wonders, ip6tables doesn't have this problem
>> because we pass *skb, not ip6hdr to ip6_packet_match().
>
> I think it would be good to make these code converge to what ip6tables
> is doing while fixing up this?
>
>> arptables has the same bug, it seems (no target returns STOLEN,
>> but I think we should fix it there as well).
>
> Yes, even if no target returns what triggers the problem, it's good if
> we fix this now so we make sure whatever new extension gets in in the
> future works accordingly.
>
> Thanks!

Thank you for the reviews!
I will send the V3 patch that includes the modified arpt_do_table() that was pointed out in review.
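
The ownership problem discussed in this thread, as an added userspace model that is not part of the original messages or the kernel source. All names (struct pkt, pkt_hdr, run_target, traverse_*) are hypothetical stand-ins; a counter replaces the real free so the stale access can be observed safely.

```c
/* Constructed userspace model; none of these names are kernel APIs. */
enum verdict { V_CONTINUE, V_ACCEPT, V_STOLEN };

struct pkt {
    int consumed;        /* set when a target takes ownership of the packet */
    int stale_reads;     /* header fetches made after the packet was consumed */
    unsigned char hdr[20];
};

/* Stands in for fetching the IP header from the skb; counts stale use. */
static const unsigned char *pkt_hdr(struct pkt *p)
{
    if (p->consumed)
        p->stale_reads++;    /* the access KASAN would flag in the kernel */
    return p->hdr;
}

/* Stands in for a target: the rule at index steal_at consumes the packet. */
static enum verdict run_target(struct pkt *p, int rule, int steal_at)
{
    if (rule != steal_at)
        return V_CONTINUE;
    p->consumed = 1;
    return V_STOLEN;
}

/* Shape described in the report: header re-fetched whatever the verdict. */
static int traverse_buggy(struct pkt *p, int nrules, int steal_at)
{
    const unsigned char *ip = pkt_hdr(p);
    for (int r = 0; r < nrules; r++) {
        enum verdict v = run_target(p, r, steal_at);
        ip = pkt_hdr(p);     /* touches the packet even when v is V_STOLEN */
        if (v != V_CONTINUE)
            break;
    }
    (void)ip;
    return p->stale_reads;
}

/* Safe shape: touch the packet again only if the target said continue. */
static int traverse_fixed(struct pkt *p, int nrules, int steal_at)
{
    const unsigned char *ip = pkt_hdr(p);
    for (int r = 0; r < nrules; r++) {
        if (run_target(p, r, steal_at) != V_CONTINUE)
            break;           /* verdict is final; the packet may be gone */
        ip = pkt_hdr(p);
    }
    (void)ip;
    return p->stale_reads;
}
```

Each traverse function returns the number of header reads that happened after the packet was consumed; a table walk that respects a stolen verdict reports zero.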