On Tue, Aug 09, 2022 at 11:25:43AM +0200, Pablo Neira Ayuso wrote:
> Update template to validate variable length extensions. This patch adds
> a new .ext_len[id] field to the template to store the expected extension
> length. This is used to sanity check the initialization of the variable
> length extension.
>
> Use PTR_ERR() in nft_set_elem_init() to report errors since, after this
> update, there are two reasons why this might fail, either because of
> ENOMEM or insufficient room in the extension field (EINVAL).
>
> Kernels up until 7e6bc1f6cabc ("netfilter: nf_tables: stricter
> validation of element data") allowed to copy more data to the extension
> than was allocated. This ext_len field allows to validate if the
> destination has the correct size as additional check.

I have applied this to nf.git
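
An added example, not part of this thread and not the kernel's code: a userspace C model of the check the quoted commit message describes, where a template records the room reserved for each extension and element initialization rejects a source that does not fit before copying. All names (`ext_tmpl`, `tmpl_add`, `elem_init`) are hypothetical, and an integer return code stands in for the kernel's ERR_PTR()/PTR_ERR() convention.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model; every name below is hypothetical, not the kernel's. */
enum { EXT_KEY, EXT_DATA, EXT_NUM };
struct ext_tmpl {
    uint16_t len;              /* total element size in bytes */
    uint8_t  offset[EXT_NUM];  /* 0: extension not in this template */
    uint8_t  ext_len[EXT_NUM]; /* room reserved per extension */
};
struct elem { uint8_t hdr[4]; uint8_t ext[]; };

/* Reserve len bytes for extension id and record that size. */
int tmpl_add(struct ext_tmpl *t, int id, size_t len)
{
    if (!t->len)
        t->len = sizeof(struct elem);  /* header precedes extensions */
    if (len > UINT8_MAX || t->len + len > UINT8_MAX)
        return -EINVAL;
    t->offset[id] = (uint8_t)t->len;
    t->ext_len[id] = (uint8_t)len;
    t->len += (uint16_t)len;
    return 0;
}

/* Returns 0, -ENOMEM (allocation) or -EINVAL (insufficient room). */
int elem_init(const struct ext_tmpl *t, const void *src[EXT_NUM],
              const size_t len[EXT_NUM], struct elem **out)
{
    struct elem *e = calloc(1, t->len);
    if (!e)
        return -ENOMEM;
    for (int id = 0; id < EXT_NUM; id++) {
        if (!src[id])
            continue;               /* extension not supplied */
        if (!t->offset[id] || len[id] > t->ext_len[id]) {
            free(e);                /* check before copying, not after */
            return -EINVAL;
        }
        memcpy((uint8_t *)e + t->offset[id], src[id], len[id]);
    }
    *out = e;
    return 0;
}
```

The caller zero-initializes the template, calls `tmpl_add()` once per extension, then passes per-extension source pointers and lengths to `elem_init()`; the two negative return codes let it tell allocation failure from a length mismatch.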