Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | src: reject large raw payload and concat expressions | Florian Westphal | 2023-12-15 | 1 | -0/+5 |
The kernel will reject this too, but unfortunately nft may try to cram the data into the underlying libnftnl expr. This causes heap corruption or BUG: nld buffer overflow: want to copy 132, max 64 After: Error: Concatenation of size 544 exceeds maximum size of 512 udp length . @th,0,512 . @th,512,512 { 47-63 . 0xe373135363130 . 0x33131303735353203 } ^^^^^^^^^ resp. same warning for an over-sized raw expression. Signed-off-by: Florian Westphal <fw@strlen.de> |