tests: add test case for flowtable with owner flag

BUG: KASAN: use-after-free in nf_hook_entries_grow+0x675/0x980 Read of size 4 at ... nft/19662 nf_hook_entries_grow+0x675/0x980 This is fixed by kernel commit 6069da443bf ("netfilter: nf_tables: unregister flowtable hooks on netns exit"). The test case here uses owner flag, netlink event handler doesn't release the flowtable, next attempt to add one then causes uaf because of dangling ingress hook reference. Signed-off-by: Florian Westphal <fw@strlen.de>
author: Florian Westphal <fw@strlen.de> 2022-02-22 13:51:09 +0100
committer: Florian Westphal <fw@strlen.de> 2022-02-22 14:06:14 +0100
commit: 9eb98b3bd5cf21fcbef04c46cfc078579e56ff17 (patch)
tree: 8184dbe78bef32844c45560fef804dc7ce7f33f9 /tests/shell/testcases/owner
parent: 18a08fb7f0443f8bde83393bd6f69e23a04246b3 (diff)
1 files changed, 22 insertions, 0 deletions
diff --git a/tests/shell/testcases/owner/0001-flowtable-uaf b/tests/shell/testcases/owner/0001-flowtable-uaf
new file mode 100755
index 00000000..4efbe75c
--- /dev/null
+++ b/tests/shell/testcases/owner/0001-flowtable-uaf
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -e
+
+$NFT -f - <<EOF
+table t {
+ flags owner
+ flowtable f {
+  devices = { lo }
+ }
+}
+EOF
+
+# trigger uaf.
+$NFT -f - <<EOF
+table t {
+ flags owner
+ flowtable f {
+  devices = { lo }
+ }
+}
+EOF
author	Florian Westphal <fw@strlen.de>	2022-02-22 13:51:09 +0100
committer	Florian Westphal <fw@strlen.de>	2022-02-22 14:06:14 +0100
commit	9eb98b3bd5cf21fcbef04c46cfc078579e56ff17 (patch)
tree	8184dbe78bef32844c45560fef804dc7ce7f33f9 /tests/shell/testcases/owner
parent	18a08fb7f0443f8bde83393bd6f69e23a04246b3 (diff)