Raw Payload Expressions - out of bounds write?

Hi,

Raw Payload Expressions - does this cause an out of bounds write?

1. Input configuration file (modification to /etc/nftables.conf):

chain output {
  type filter hook output priority filter;

  @ih,58,6 set 0 \
  @ih,86,6 set 0 \
  @ih,170,22 set 0 \
  accept;
}

2. Run /etc/nftables.conf

3. Output ruleset (/usr/sbin/nft list ruleset):

chain output {
 type filter hook output priority filter; policy accept;
 @ih,48,16 set @ih,48,16 & 0x3f \
 @ih,80,16 set @ih,80,16 & 0x3f0 \
 @ih,160,32 set @ih,160,32 @0x3fffff \
 accept;
}

The mask appears correct for the first re-write, but subsequent re-writes appear to be too large.

Please advise.

sunny
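
An added example, not part of the original message or of nftables: a bit-level check of whether each mask in the listed ruleset selects any bit outside the field requested in the configuration. It assumes raw payload offsets count bits from the start of the header and that the mask is read as a big-endian integer over the listed window; the function names are hypothetical.

```python
# Constructed from the two listings in the message above:
# (requested offset, requested length) -> (listed offset, listed length, listed mask)
RULES = [
    ((58, 6), (48, 16, 0x3F)),
    ((86, 6), (80, 16, 0x3F0)),
    ((170, 22), (160, 32, 0x3FFFFF)),
]


def mask_bits(win_off, win_len, mask):
    """Absolute header bit positions selected by `mask`.

    Assumption: the mask is a big-endian integer over the window, so its
    least significant bit is the window's last bit (win_off + win_len - 1).
    """
    if mask >> win_len:
        raise ValueError("mask is wider than the window it applies to")
    last = win_off + win_len - 1
    return {last - k for k in range(win_len) if mask >> k & 1}


def audit(field, listed):
    """Compare the bits the listed mask selects with the requested field."""
    f_off, f_len = field
    w_off, w_len, mask = listed
    want = set(range(f_off, f_off + f_len))
    got = mask_bits(w_off, w_len, mask)
    return {
        "field_inside_window": w_off <= f_off and f_off + f_len <= w_off + w_len,
        "outside_field": sorted(got - want),       # mask bits beyond the field
        "missing": sorted(want - got),             # field bits the mask omits
        "complement": ((1 << w_len) - 1) & ~mask,  # the other window bits
    }


def audit_all(rules=RULES):
    return [audit(field, listed) for field, listed in rules]


if __name__ == "__main__":
    for (field, listed), res in zip(RULES, audit_all()):
        print(f"@ih,{field[0]},{field[1]} -> @ih,{listed[0]},{listed[1]} "
              f"mask {listed[2]:#x}: {res}")
```

For the three rules above, `outside_field` and `missing` are both empty: each listed mask covers exactly the requested bits, repositioned inside the wider window.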




