[pkg-netfilter-team] Bug#1017723: bullseye-pu: package nftables/0.9.8-3.2
Adam D. Barratt
adam at adam-barratt.org.uk
Wed Dec 7 20:18:10 GMT 2022
Control: tags -1 + confirmed
On Sun, 2022-09-04 at 15:09 +0100, Jeremy Sowden wrote:
> On 2022-09-03, at 14:53:45 +0100, Adam D. Barratt wrote:
> > On Fri, 2022-08-19 at 16:05 +0100, Jeremy Sowden wrote:
> > > The related nftables bug is:
> > >
> > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017359
> > >
> > > [ Reason ]
> > > nftables uses a fixed-size array containing the locations of the
> > > expressions within each rule that it sends to the kernel to
> > > provide more informative error-reporting. If the rule is rejected
> > > by the kernel, the kernel will provide an ID for the expression
> > > which was responsible, and nftables will use this to highlight it
> > > when outputting the rule in the error message:
> > >
> > > # nft add rule t c iif lo reject with icmp 255
> > > Error: Could not process rule: Invalid argument
> > > add rule t c iif lo reject with icmp 255
> > > ^^^^^^
> > >
> > > There is an off-by-one error in the bounds-checking used before
> > > adding the details of an expression to this array. The result of
> > > this is that if a rule contains enough expressions, nftables will
> > > write past the end of the array leading to memory-corruption and
> > > possibly crashes.
> >
> > The debdiff is somewhat confusing.
> >
> > +nftables (0.9.8-3.2) unstable; urgency=medium
> >
> > This is an upload to bullseye, not unstable. Additionally, the
> > version should be 0.9.8-3.1+deb11u1.
> >
> > + -- Sven Auhagen <sven.auhagen at voleatech.de> Sat, 16 Jul 2022
> > 11:29:27 +0200
> >
> > Who is this? It's obviously not you, but also doesn't appear to be
> > related to the nftables bug report you mentioned.
>
> Whoops. Silly mistakes. Still learning the ropes. I've amended the
> change-log entry.
>
+ It fixes a one off for the check for NFT_NLATTR_LOC_MAX
s/one off/off by one/
Please go ahead; sorry for the delay.
Regards,
Adam
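
Added example, not part of this thread and not nftables' own code: a small C model of the off-by-one bounds check described in the quoted [ Reason ] text, beside the corrected check. The struct, the function names and the value 32 for NFT_NLATTR_LOC_MAX are assumptions; a reserved guard slot stands in for the memory just past the array so the stray write can be observed safely.

```c
#include <stdio.h>
#include <stdbool.h>

#define NFT_NLATTR_LOC_MAX 32   /* name from the thread; value assumed */
#define GUARD 0xdeadbeefu       /* marker for "memory after the array" */

/* Hypothetical model of the per-rule expression-location table.
 * Slot [NFT_NLATTR_LOC_MAX] is a guard, not a valid entry. */
struct loc_table {
    unsigned int offset[NFT_NLATTR_LOC_MAX + 1];
    unsigned int num;
};

static void table_init(struct loc_table *t)
{
    t->num = 0;
    t->offset[NFT_NLATTR_LOC_MAX] = GUARD;
}

/* Off-by-one: num == MAX passes the check, so slot [MAX] is written. */
static void add_loc_buggy(struct loc_table *t, unsigned int off)
{
    if (t->num > NFT_NLATTR_LOC_MAX)
        return;
    t->offset[t->num++] = off;
}

/* Corrected check: valid indexes are 0 .. MAX-1. */
static void add_loc_fixed(struct loc_table *t, unsigned int off)
{
    if (t->num >= NFT_NLATTR_LOC_MAX)
        return;
    t->offset[t->num++] = off;
}

/* Records n expressions; returns true if the guard slot was overwritten. */
static bool guard_clobbered(void (*add)(struct loc_table *, unsigned int),
                            unsigned int n)
{
    struct loc_table t;
    table_init(&t);
    for (unsigned int i = 0; i < n; i++)
        add(&t, i + 1);          /* constructed offsets 1..n */
    return t.offset[NFT_NLATTR_LOC_MAX] != GUARD;
}

int main(void)
{
    printf("buggy, 33 exprs: %d\n", guard_clobbered(add_loc_buggy, 33));
    printf("fixed, 33 exprs: %d\n", guard_clobbered(add_loc_fixed, 33));
    return 0;
}
```

The write past the array only happens once a rule carries more expressions than the table holds, which is why short rules never trigger it.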