* [PATCH] libnetfilter_queue: src/nlmsg.c: SECCTX can be of any length
@ 2021-09-10  9:58 Topi Miettinen
  2021-09-20 11:26 ` Florian Westphal
  0 siblings, 1 reply; 2+ messages in thread
From: Topi Miettinen @ 2021-09-10  9:58 UTC (permalink / raw)
  To: netfilter-devel; +Cc: Topi Miettinen
Typically security contexts are not 'u32' sized but strings, for example
'system_u:object_r:my_http_client_packet_t:s0'.
Fix length validation check to allow any context sizes.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
---
 src/nlmsg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nlmsg.c b/src/nlmsg.c
index b1154fc..5400dd7 100644
--- a/src/nlmsg.c
+++ b/src/nlmsg.c
@@ -253,7 +253,6 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data)
 	case NFQA_IFINDEX_PHYSOUTDEV:
 	case NFQA_CAP_LEN:
 	case NFQA_SKB_INFO:
-	case NFQA_SECCTX:
 	case NFQA_UID:
 	case NFQA_GID:
 	case NFQA_CT_INFO:
@@ -281,6 +280,7 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data)
 	case NFQA_PAYLOAD:
 	case NFQA_CT:
 	case NFQA_EXP:
+	case NFQA_SECCTX:
 		break;
 	}
 	tb[type] = attr;
-- 
2.30.2
^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] libnetfilter_queue: src/nlmsg.c: SECCTX can be of any length
  2021-09-10  9:58 [PATCH] libnetfilter_queue: src/nlmsg.c: SECCTX can be of any length Topi Miettinen
@ 2021-09-20 11:26 ` Florian Westphal
  0 siblings, 0 replies; 2+ messages in thread
From: Florian Westphal @ 2021-09-20 11:26 UTC (permalink / raw)
  To: Topi Miettinen; +Cc: netfilter-devel
Topi Miettinen <toiwoton@gmail.com> wrote:
> Typically security contexts are not 'u32' sized but strings, for example
> 'system_u:object_r:my_http_client_packet_t:s0'.
> 
> Fix length validation check to allow any context sizes.
LGTM, applied, thanks.
^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-09-20 11:26 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-09-10  9:58 [PATCH] libnetfilter_queue: src/nlmsg.c: SECCTX can be of any length Topi Miettinen
2021-09-20 11:26 ` Florian Westphal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).