Date: Sat, 20 Aug 2022 18:26:57 +0200
From: Florian Westphal
References: <20220820070331.48817-1-harshit.m.mogalapalli@oracle.com>
In-Reply-To: <20220820070331.48817-1-harshit.m.mogalapalli@oracle.com>
Subject: Re: [Bridge] [PATCH] netfilter: ebtables: fix a NULL pointer dereference in ebt_do_table()
List-Id: Linux Ethernet Bridging
To: Harshit Mogalapalli
Cc: john.p.donnelly@oracle.com, vegard.nossum@oracle.com,
 coreteam@netfilter.org, netdev@vger.kernel.org, Nikolay Aleksandrov,
 bridge@lists.linux-foundation.org, linux-kernel@vger.kernel.org,
 Jozsef Kadlecsik, george.kennedy@oracle.com, Eric Dumazet,
 syzkaller@googlegroups.com, netfilter-devel@vger.kernel.org,
 Roopa Prabhu, Jakub Kicinski, Paolo Abeni, "David S. Miller",
 Pablo Neira Ayuso

Harshit Mogalapalli wrote:
> In ebt_do_table() function dereferencing 'private->hook_entry[hook]'
> can lead to NULL pointer dereference. So add a check to prevent that.

This looks incorrect, i.e. papering over the problem.

If hook_entry[hook] is NULL, how did this make it to the eval loop?

I guess ebtables lacks a sanity check on incoming ruleset?