Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jan 21, 2019 at 12:54 PM Florian Westphal <fw@xxxxxxxxx> wrote:
>
> Unlike ip(6)tables ebtables only counts user-defined chains.
>
> The effect is that a 32bit ebtables binary on a 64bit kernel can do
> 'ebtables -N FOO' only after adding at least one rule, else the request
> fails with -EINVAL.
>
> This is a similar fix as done in
> 3f1e53abff84 ("netfilter: ebtables: don't attempt to allocate 0-sized compat array").
>
> Fixes: 7d7d7e02111e9 ("netfilter: compat: reject huge allocation requests")
> Reported-by: Francesco Ruggeri <fruggeri@xxxxxxxxxx>
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> ---

Thanks Florian, this patch does fix the problems I was seeing in my setup.

Francesco Ruggeri



[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux