
Bug#1017723: bullseye-pu: package nftables/0.9.8-3.2



Control: tags -1 + confirmed

On Sun, 2022-09-04 at 15:09 +0100, Jeremy Sowden wrote:
> On 2022-09-03, at 14:53:45 +0100, Adam D. Barratt wrote:
> > On Fri, 2022-08-19 at 16:05 +0100, Jeremy Sowden wrote:
> > > The related nftables bug is:
> > > 
> > >   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017359
> > > 
> > > [ Reason ]
> > > nftables uses a fixed-size array containing the locations of the
> > > expressions within each rule that it sends to the kernel to provide
> > > more informative error-reporting.  If the rule is rejected by the
> > > kernel, the kernel will provide an ID for the expression which was
> > > responsible, and nftables will use this to highlight it when
> > > outputting the rule in the error message:
> > > 
> > >  # nft add rule t c iif lo reject with icmp 255
> > >  Error: Could not process rule: Invalid argument
> > >  add rule t c iif lo reject with icmp 255
> > >                      ^^^^^^
> > > 
> > > There is an off-by-one error in the bounds-checking used before
> > > adding the details of an expression to this array.  The result of
> > > this is that if a rule contains enough expressions, nftables will
> > > write past the end of the array leading to memory-corruption and
> > > possibly crashes.
> > 
> > The debdiff is somewhat confusing.
> > 
> > +nftables (0.9.8-3.2) unstable; urgency=medium
> > 
> > This is an upload to bullseye, not unstable. Additionally, the version
> > should be 0.9.8-3.1+deb11u1.
> > 
> > + -- Sven Auhagen <sven.auhagen@voleatech.de>  Sat, 16 Jul 2022
> > 11:29:27 +0200
> > 
> > Who is this? It's obviously not you, but also doesn't appear to be
> > related to the nftables bug report you mentioned.
> 
> Whoops.  Silly mistakes.  Still learning the ropes.  I've amended the
> change-log entry.
> 

+    It fixes a one off for the check for NFT_NLATTR_LOC_MAX

s/one off/off by one/

Please go ahead; sorry for the delay.

Regards,

Adam
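
The off-by-one bounds check described in the quoted [ Reason ] section, as an added C example that is not part of this message and is not nftables source code. The names LOC_MAX (standing in for NFT_NLATTR_LOC_MAX), loc_table, add_loc_buggy and add_loc_fixed are hypothetical, and the backing array carries one extra guard slot so the stray write can be observed without undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>

#define LOC_MAX 8        /* hypothetical capacity, stands in for NFT_NLATTR_LOC_MAX */
#define GUARD   0xA5A5u  /* marker kept in the slot just past the logical end */

struct loc_table {
    uint16_t offset[LOC_MAX + 1];  /* last element is a guard slot, not capacity */
    unsigned int count;
};

/* Off-by-one: '>' still admits count == LOC_MAX, one past the last valid index. */
static void add_loc_buggy(struct loc_table *t, uint16_t off)
{
    if (t->count > LOC_MAX)
        return;
    t->offset[t->count++] = off;
}

/* Corrected: '>=' refuses the write once all LOC_MAX slots are in use. */
static void add_loc_fixed(struct loc_table *t, uint16_t off)
{
    if (t->count >= LOC_MAX)
        return;
    t->offset[t->count++] = off;
}

/* Record n expression locations via 'add'; return 1 if the guard was overwritten. */
static int guard_clobbered(void (*add)(struct loc_table *, uint16_t), unsigned int n)
{
    struct loc_table t = { .count = 0 };
    t.offset[LOC_MAX] = GUARD;
    for (unsigned int i = 0; i < n; i++)
        add(&t, (uint16_t)(i + 1));
    return t.offset[LOC_MAX] != GUARD;
}

int main(void)
{
    printf("buggy, %d exprs: %d\n", LOC_MAX, guard_clobbered(add_loc_buggy, LOC_MAX));
    printf("buggy, %d exprs: %d\n", LOC_MAX + 1, guard_clobbered(add_loc_buggy, LOC_MAX + 1));
    printf("fixed, %d exprs: %d\n", LOC_MAX + 1, guard_clobbered(add_loc_fixed, LOC_MAX + 1));
    return 0;
}
```

The buggy check only misbehaves once a rule carries more expressions than the array holds, which is why short rules never trigger it.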

