From 7e6aa6db1fe5b14b5d224da11b077c50cc954efa Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 29 Aug 2023 14:53:33 +0200
Subject: [PATCH] evaluate: fix check for truncation in
stmt_evaluate_log_prefix()
Otherwise, nft crashes with prefix longer than 127 bytes:
# nft add rule x y log prefix \"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\"
==159385==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffed5bf4a10 at pc 0x7f3134839269 bp 0x7ffed5bf48b0 sp 0x7ffed5bf4060
WRITE of size 129 at 0x7ffed5bf4a10 thread T0
#0 0x7f3134839268 in __interceptor_memset ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:778
#1 0x7f3133e3074e in __mpz_export_data /tmp/nftables/src/gmputil.c:110
#2 0x7f3133d21d3c in expr_to_string /tmp/nftables/src/expression.c:192
#3 0x7f3133ded103 in netlink_gen_log_stmt /tmp/nftables/src/netlink_linearize.c:1148
#4 0x7f3133df33a1 in netlink_gen_stmt /tmp/nftables/src/netlink_linearize.c:1682
[...]
Fixes: e76bb3794018 ('src: allow for variables in the log prefix string')
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/evaluate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/evaluate.c b/src/evaluate.c
index eb834eae..4c02a9cd 100644
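--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -4150,7 +4150,7 @@ static int stmt_evaluate_log_prefix(struct eval_ctx *ctx, struct stmt *stmt)
 SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 }
 
- if (len == NF_LOG_PREFIXLEN)
+ if (len == 0)
 return stmt_error(ctx, stmt, "log prefix is too long");
 
 expr = constant_expr_alloc(&stmt->log.prefix->location, &string_type,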
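Review bot: The new `if (len == 0)` test is only correct if SNPRINTF_BUFFER_SIZE leaves `len` at exactly zero whenever the formatted prefix does not fit. That macro is defined outside this hunk, so the invariant is assumed here rather than shown, and it deserves a comment above the check such as `/* len counts the bytes still free in the buffer; 0 means the prefix was truncated */`. The ASan trace in the commit message shows the overflowing write happening later, in `netlink_gen_log_stmt` via `expr_to_string`, so this evaluation-time check appears to be the only barrier in front of that fixed-size buffer; an explicit length check at that consumer would be worthwhile defence in depth. A regression test with one prefix just under the limit (accepted) and one at the limit (rejected with "log prefix is too long") would pin the boundary. The body of `stmt_evaluate_log_prefix` starts and ends outside the hunk, so the loop that feeds `len` could not be reviewed.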
--
2.33.0