Re: [PATCH v2] netfilter: nf_tables: prevent shift wrap in nft_chain_parse_hook()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Apr 06, 2019 at 08:26:52AM +0300, Dan Carpenter wrote:
> I believe that "hook->num" can be up to UINT_MAX.  Shifting more than
> 31 bits would is undefined in C but in practice it would lead to shift
> wrapping.  That would lead to an array overflow in nf_tables_addchain():
> 
> 	ops->hook       = hook.type->hooks[ops->hooknum];

Applied, thanks.



[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux