On Tue, Nov 05, 2024 at 09:35:41PM +0100, Phil Sutter wrote:
> Upon identifying an extension option, ebt_command_default() would have
> the extension parse the option prior to creating a copy for attaching to
> the iptables_command_state object. After copying, the (modified)
> initial extension's data was cleared.
>
> This somewhat awkward process breaks with among match which increases
> match_size if needed (but never reduces it). This change is not undone,
> hence leaks into following instances. This in turn is problematic with
> ebtables-restore only (as multiple rules are parsed) and specifically
> when deleting rules as the potentially over-sized match_size won't match
> the one parsed from the kernel.
>
> A workaround would be to make bramong_parse() realloc the match also if
> new size is smaller than the old one. This patch attempts a proper fix
> though, by making ebt_command_default() copy the extension first and
> parsing the option into the copy afterwards.
>
> No Fixes tag: Prior to commit 24bb57d3f52ac ("ebtables: Support for
> guided option parser"), ebtables relied upon the extension's parser
> return code instead of checking option_offset, so copying the extension
> opportunistically wasn't feasible.
>
> Signed-off-by: Phil Sutter <phil@xxxxxx>

Series applied.
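The size leak described in the quoted commit message, as an added C model that is not iptables code and not part of the original mail. `struct ext`, `parse_among()`, `add_rule()` and the byte sizes are hypothetical stand-ins, and a fixed buffer replaces the realloc() done by the real parser.

```c
#include <stdio.h>
#include <string.h>

#define CAP 128   /* constructed upper bound standing in for realloc() growth */

/* Hypothetical stand-in for an extension's match; not the xtables structs. */
struct ext { size_t match_size; unsigned char data[CAP]; };

/* Among-like parser: grows match_size when needed, never reduces it. */
static int parse_among(struct ext *e, size_t need) {
    if (need > CAP)
        return -1;
    if (need > e->match_size)
        e->match_size = need;
    memset(e->data, 0xAA, need);                /* constructed payload */
    return 0;
}

/* Parse one rule needing `need` bytes; return the match_size the rule ends up with. */
static size_t add_rule(struct ext *shared, size_t need, int copy_first) {
    struct ext rule;
    if (copy_first) {                           /* fixed order: copy, then parse the copy */
        rule = *shared;
        if (parse_among(&rule, need)) return 0;
    } else {                                    /* old order: parse, copy, clear data */
        if (parse_among(shared, need)) return 0;
        rule = *shared;
        memset(shared->data, 0, CAP);           /* match_size stays enlarged */
    }
    return rule.match_size;
}

/* One restore run with two rules: a 64-byte set, then a 16-byte set. */
size_t second_rule_size(int copy_first) {
    struct ext shared = { 8, {0} };             /* constructed base size */
    add_rule(&shared, 64, copy_first);
    return add_rule(&shared, 16, copy_first);
}

/* A delete only matches when the parsed size equals the kernel's (16 here). */
int delete_would_match(int copy_first) {
    return second_rule_size(copy_first) == 16;
}

int main(void) {
    printf("parse-then-copy: %zu, copy-then-parse: %zu\n",
           second_rule_size(0), second_rule_size(1));
    return 0;
}
```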