Re: [iptables PATCH 1/3] ebtables: Clone extensions before modifying them

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Nov 05, 2024 at 09:35:41PM +0100, Phil Sutter wrote:
> Upon identifying an extension option, ebt_command_default() would have
> the extension parse the option prior to creating a copy for attaching to
> the iptables_command_state object. After copying, the (modified)
> initial extension's data was cleared.
> 
> This somewhat awkward process breaks with among match which increases
> match_size if needed (but never reduces it). This change is not undone,
> hence leaks into following instances. This in turn is problematic with
> ebtables-restore only (as multiple rules are parsed) and specifically
> when deleting rules as the potentially over-sized match_size won't match
> the one parsed from the kernel.
> 
> A workaround would be to make bramong_parse() realloc the match also if
> new size is smaller than the old one. This patch attempts a proper fix
> though, by making ebt_command_default() copy the extension first and
> parsing the option into the copy afterwards.
> 
> No Fixes tag: Prior to commit 24bb57d3f52ac ("ebtables: Support for
> guided option parser"), ebtables relied upon the extension's parser
> return code instead of checking option_offset, so copying the extension
> opportunistically wasn't feasible.
> 
> Signed-off-by: Phil Sutter <phil@xxxxxx>

Series applied.




[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux