* [nft PATCH] netlink_delinearize: Sanitize concat data element decoding
@ 2023-02-21 18:21 Phil Sutter
2023-02-21 18:38 ` Florian Westphal
2023-02-21 18:48 ` Phil Sutter
0 siblings, 2 replies; 3+ messages in thread
From: Phil Sutter @ 2023-02-21 18:21 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: Florian Westphal, netfilter-devel
The call to netlink_get_register() might return NULL, catch this before
dereferencing the pointer.
Fixes: db59a5c1204c9 ("netlink_delinearize: fix decoding of concat data element")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
src/netlink_delinearize.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index f4ab476e03455..00221505f2899 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1749,7 +1749,7 @@ static void netlink_parse_dynset(struct netlink_parse_ctx *ctx,
sreg_data = netlink_parse_register(nle, NFTNL_EXPR_DYNSET_SREG_DATA);
expr_data = netlink_get_register(ctx, loc, sreg_data);
- if (expr_data->len < set->data->len) {
+ if (expr_data && expr_data->len < set->data->len) {
expr_free(expr_data);
expr_data = netlink_parse_concat_expr(ctx, loc, sreg_data, set->data->len);
if (expr_data == NULL)
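Review bot: In the changed condition `if (expr_data && expr_data->len < set->data->len)`, a NULL return from netlink_get_register() now only skips the concat re-parse, so expr_data stays NULL and execution continues past this block without an error being raised here. The result of netlink_parse_concat_expr() does get an explicit `if (expr_data == NULL)` check, but the visible context does not show how the code after this block treats a NULL expr_data. Consider testing the pointer directly after the netlink_get_register() call and reporting the failure there, or add a comment stating where the NULL case is handled. The same condition still dereferences set->data with no check in these lines; if set->data can be absent on this path, it needs a guard as well.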
--
2.38.0
* Re: [nft PATCH] netlink_delinearize: Sanitize concat data element decoding
From: Florian Westphal @ 2023-02-21 18:38 UTC (permalink / raw)
To: Phil Sutter; +Cc: Pablo Neira Ayuso, Florian Westphal, netfilter-devel
Phil Sutter <phil@nwl.cc> wrote:
> The call to netlink_get_register() might return NULL, catch this before
> dereferencing the pointer.
>
> Fixes: db59a5c1204c9 ("netlink_delinearize: fix decoding of concat data element")
Acked-by: Florian Westphal <fw@strlen.de>
* Re: [nft PATCH] netlink_delinearize: Sanitize concat data element decoding
From: Phil Sutter @ 2023-02-21 18:48 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: Florian Westphal, netfilter-devel
On Tue, Feb 21, 2023 at 07:21:33PM +0100, Phil Sutter wrote:
> The call to netlink_get_register() might return NULL, catch this before
> dereferencing the pointer.
>
> Fixes: db59a5c1204c9 ("netlink_delinearize: fix decoding of concat data element")
> Signed-off-by: Phil Sutter <phil@nwl.cc>
Patch applied.