* [ANNOUNCE] libnftnl 1.0.8 release
@ 2017-10-12 23:41 Pablo Neira Ayuso
2017-10-13 0:42 ` Jan Engelhardt
0 siblings, 1 reply; 2+ messages in thread
From: Pablo Neira Ayuso @ 2017-10-12 23:41 UTC (permalink / raw)
To: netfilter-devel; +Cc: netfilter, netfilter-announce, lwn
[-- Attachment #1: Type: text/plain, Size: 554 bytes --]
Hi!
The Netfilter project proudly presents:
libnftnl 1.0.8
libnftnl is a userspace library providing a low-level netlink
programming interface (API) to the in-kernel nf_tables subsystem. The
library libnftnl has been previously known as libnftables. This library
is currently used by the nft command line tool.
This release includes incremental updates to support new kernel
features and bug fixes.
You can download this library from:
http://www.netfilter.org/projects/libnftnl/downloads.html
ftp://ftp.netfilter.org/pub/libnftnl/
Thanks!
[-- Attachment #2: changes-libnftnl-1.0.8.txt --]
[-- Type: text/plain, Size: 2089 bytes --]
Alexander Alemayhu (1):
      exthdr: remove unused variable uval8

Elise Lennion (2):
      examples: Remove the use of nftnl_mnl_batch_put()
      src: Use nftnl_buf to export XML/JSON rules

Eric Leblond (1):
      set: free user data

Florian Westphal (9):
      src: ct: add zone support
      object: don't set NFTNL_OBJ_TYPE unless obj->ops is non-null
      object: fix crash when object ops is null
      object: extend set/get api for u8/u16 types
      src: ct helper support
      src: ct eventmask support
      ct: rename eventmask to event
      exthdr: tcp option set support
      rt: tcpmss get support

Laura Garcia Liebana (1):
      expr: hash: support of symmetric hash

Liping Zhang (1):
      src: ct: add average bytes per packet counter support

Manuel Messner (1):
      src: add TCP option matching requirements

Pablo M. Bermudo Garay (1):
      src: limit stateful object support

Pablo Neira Ayuso (11):
      src: get rid of aliases and compat
      include: refresh nf_tables.h copy
      common: get rid of nftnl_batch_build_hdr()
      common: return nlmsghdr in nftnl_batch_{begin,end}()
      rule: add NFTA_RULE_ID attribute
      udata: add nftnl_udata_put_u32() and nftnl_udata_get_u32()
      buffer: use nftnl_expr_snprintf() from nftnl_buf_expr()
      expr: no need to nul-terminate buffer from expression ->snprintf indirection
      src: no need to nul-terminate buffer for nftnl_fprintf() calls
      src: do not nul-terminate internal helper functions
      build: libnftnl 1.0.8 release

Phil Sutter (5):
      exthdr: Add support for exthdr flags
      exthdr: Add missing exthdr flags cases
      fib: Add support for NFTA_FIB_F_PRESENT flag
      expr: exthdr: Display NFT_EXTHDR_F_PRESENT in debug output
      chain: Don't print unset policy value in netlink debug

Shyam Saini (1):
      examples: Fix memory leaks detected by Valgrind

Tobias Klauser (1):
      expr: Add const qualifiers to *2str translation arrays

Varsha Rao (2):
      src: Change parameters of SNPRINTF_BUFFER_SIZE macro.
      src: Buffer is null terminated.
* Re: [ANNOUNCE] libnftnl 1.0.8 release
From: Jan Engelhardt @ 2017-10-13 0:42 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel, netfilter, netfilter-announce, lwn
On Friday 2017-10-13 01:41, Pablo Neira Ayuso wrote:
>
> libnftnl 1.0.8
Here's a buffer overflow reported by gcc:
expr/data_reg.c: In function 'nftnl_data_reg_json_parse':
expr/data_reg.c:69:27: warning: '%d' directive writing between 1 and 10 bytes into a region of size 2 [-Wformat-overflow=]
sprintf(node_name, "data%d", i);
^~
expr/data_reg.c:69:22: note: directive argument in the range [0, 2147483647]
sprintf(node_name, "data%d", i);
^~~~~~~~
In file included from /usr/include/stdio.h:862:0,
from expr/data_reg.c:12:
/usr/include/bits/stdio2.h:33:10: note: '__builtin___sprintf_chk' output between 6 and 15 bytes into a destination of size 6
return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
__bos (__s), __fmt, __va_arg_pack ());
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AFAICS it's triggerable when reg->len > 396.
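
The arithmetic behind the gcc notes quoted above, as an added example that is not part of the original message or of libnftnl: a 6-byte destination holds "data" plus one digit and the NUL, so a bounded write with a checked return value fails from i = 10 upward, while a buffer sized for the widest int never truncates. The names format_node_name, SMALL_BUF and NODE_NAME_MAX are hypothetical, and a 32-bit int is assumed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Size taken from the gcc note above: the destination holds 6 bytes. */
#define SMALL_BUF 6
/* "data" + NUL (sizeof) + widest int "-2147483648" (11 chars); assumes 32-bit int. */
#define NODE_NAME_MAX (sizeof("data") + 11)

/*
 * Hypothetical helper (not libnftnl code): bounded replacement for
 * sprintf(node_name, "data%d", i). Returns the name length, or -1 when
 * dst cannot hold the full name plus its terminating NUL.
 */
static int format_node_name(char *dst, size_t dstsz, int i)
{
	int n = snprintf(dst, dstsz, "data%d", i);

	if (n < 0 || (size_t)n >= dstsz)
		return -1;	/* encoding error or output truncated */
	return n;
}

int main(void)
{
	char small[SMALL_BUF], big[NODE_NAME_MAX];
	int idx[] = { 0, 9, 10, 99, INT_MAX };	/* constructed sample indices */

	for (size_t k = 0; k < sizeof(idx) / sizeof(idx[0]); k++) {
		int s = format_node_name(small, sizeof(small), idx[k]);
		int b = format_node_name(big, sizeof(big), idx[k]);

		printf("i=%-10d 6-byte buffer: %-9s %zu-byte buffer: %s\n",
		       idx[k], s < 0 ? "too small" : small, sizeof(big),
		       b < 0 ? "too small" : big);
	}
	return 0;
}
```
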