aboutsummaryrefslogtreecommitdiff
path: root/CREDITS
diff options
context:
space:
mode:
authorDan Carpenter2023-11-03 09:42:51 +0300
committerPablo Neira Ayuso2023-11-14 16:16:21 +0100
commitc301f0981fdd3fd1ffac6836b423c4d7a8e0eb63 (patch)
tree8affa98af2d39162ba70c261a130b2f8d1a3b7ae /CREDITS
parenta44af08e3d4d7566eeea98d7a29fe06e7b9de944 (diff)
netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
The problem is in nft_byteorder_eval() where we are iterating through a loop and writing to dst[0], dst[1], dst[2] and so on... On each iteration we are writing 8 bytes. But dst[] is an array of u32 so each element only has space for 4 bytes. That means that every iteration overwrites part of the previous element. I spotted this bug while reviewing commit caf3ef7468f7 ("netfilter: nf_tables: prevent OOB access in nft_byteorder_eval") which is a related issue. I think that the reason we have not detected this bug in testing is that most of time we only write one element. Fixes: ce1e7989d989 ("netfilter: nft_byteorder: provide 64bit le/be conversion") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'CREDITS')
0 files changed, 0 insertions, 0 deletions