On Tue, Feb 06, 2024 at 11:43:36AM +0100, Michal Kubecek wrote:
>
> I stumbled upon this when the issue got a CVE id (sigh) and I share
> Andrea's (Cc-ed) concern that the fix is incomplete. While the fix,
> commit c301f0981fdd ("netfilter: nf_tables: fix pointer math issue in
> nft_byteorder_eval()") now, fixes the destination side, src is still
> a pointer to u32, i.e. we are reading 64-bit values with relative
> offsets which are multiples of 32 bits.
>
> Shouldn't we fix this as well, e.g. like indicated below?
>
Yep. You're right. Could you send that as a patch.
regards,
dan carpenter
