diff options
| author | Florian Westphal <fw@strlen.de> | 2023-07-14 16:53:57 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2023-07-17 21:47:03 +0200 |
| commit | 574fa55c2e70449887c7714d7b043f4e8b6d28da (patch) | |
| tree | d5d323e74c8136956632d372ebbae1a9131fa14b | |
| parent | 58f5f4f4dbde0eeab2705dfe453610d850a632c0 (diff) | |
exthdr: prefer raw_type instead of desc->type
On ancient kernels desc can be NULL, because such kernels do not
understand NFTA_EXTHDR_TYPE.
Thus they don't include it in the reverse dump, so the tcp/ip
option gets treated like an ipv6 exthdr, but no matching
description will be found.
This then gives a crash due to the null deref.
Just use the raw value here, this avoid a crash and at least
print *something*, e.g.:
unknown-exthdr unknown & 0xf0 [invalid type] == 0x0 [invalid type]
Signed-off-by: Florian Westphal <fw@strlen.de>
| -rw-r--r-- | src/exthdr.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/exthdr.c b/src/exthdr.c index f5527ddb..0358005b 100644 --- a/src/exthdr.c +++ b/src/exthdr.c @@ -405,7 +405,7 @@ bool exthdr_find_template(struct expr *expr, const struct expr *mask, unsigned i found = tcpopt_find_template(expr, off, mask_len - mask_offset); break; case NFT_EXTHDR_OP_IPV6: - exthdr_init_raw(expr, expr->exthdr.desc->type, + exthdr_init_raw(expr, expr->exthdr.raw_type, off, mask_len - mask_offset, expr->exthdr.op, 0); /* still failed to find a template... Bug. */ |