diff options
author | Florian Westphal <fw@strlen.de> | 2023-12-08 15:34:29 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2023-12-12 15:20:41 +0100 |
commit | 130060afa9f6f11e14ea5cf372545407179f16ac (patch) | |
tree | a30d250d7129ac8f1d3adbeb0e4b3d47baabe9ad /tests/shell/testcases/sets/dumps | |
parent | 21608263cc1ae489326e743957bfe34b05414a44 (diff) |
netlink: add and use nft_data_memcpy helper
There is a stack overflow somewhere in this code, we end
up memcpy'ing a way too large expr into a fixed-size on-stack
buffer.
This is hard to diagnose, most of this code gets inlined so
the crash happens later on return from alloc_nftnl_setelem.
Condense the mempy into a helper and add a BUG so we can catch
the overflow before it occurs.
->value is too small (4, should be 16), but for normal
cases (well-formed data must fit into max reg space, i.e.
64 byte) the chain buffer that comes after value in the
structure provides a cushion.
In order to have the new BUG() not trigger on valid data,
bump value to the correct size, this is userspace so the additional
60 bytes of stack usage is no concern.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/shell/testcases/sets/dumps')
0 files changed, 0 insertions, 0 deletions