Control: tags -1 + confirmed

On Sun, 2022-09-04 at 15:09 +0100, Jeremy Sowden wrote:
> On 2022-09-03, at 14:53:45 +0100, Adam D. Barratt wrote:
> > On Fri, 2022-08-19 at 16:05 +0100, Jeremy Sowden wrote:
> > > The related nftables bug is:
> > >
> > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017359
> > >
> > > [ Reason ]
> > > nftables uses a fixed-size array containing the locations of the
> > > expressions within each rule that it sends to the kernel to provide
> > > more informative error-reporting. If the rule is rejected by the
> > > kernel, the kernel will provide an ID for the expression which was
> > > responsible, and nftables will use this to highlight it when
> > > outputting the rule in the error message:
> > >
> > > # nft add rule t c iif lo reject with icmp 255
> > > Error: Could not process rule: Invalid argument
> > > add rule t c iif lo reject with icmp 255
> > > ^^^^^^
> > >
> > > There is an off-by-one error in the bounds-checking used before
> > > adding the details of an expression to this array. The result of
> > > this is that if a rule contains enough expressions, nftables will
> > > write past the end of the array leading to memory-corruption and
> > > possibly crashes.
> >
> > The debdiff is somewhat confusing.
> >
> > +nftables (0.9.8-3.2) unstable; urgency=medium
> >
> > This is an upload to bullseye, not unstable. Additionally, the version
> > should be 0.9.8-3.1+deb11u1.
> >
> > + -- Sven Auhagen <sven.auha...@voleatech.de> Sat, 16 Jul 2022 11:29:27 +0200
> >
> > Who is this? It's obviously not you, but also doesn't appear to be
> > related to the nftables bug report you mentioned.
>
> Whoops. Silly mistakes. Still learning the ropes. I've amended the
> change-log entry.
>

+ It fixes a one off for the check for NFT_NLATTR_LOC_MAX

s/one off/off by one/

Please go ahead; sorry for the delay.

Regards,

Adam
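
The off-by-one bounds check described in the quoted [ Reason ] text, shown as an added illustration that is not part of this mail and is not nftables source. The struct and function names are hypothetical, and LOC_MAX (assumed value 8) stands in for NFT_NLATTR_LOC_MAX; a spare canary slot keeps the stray write observable without undefined behaviour.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed capacity for this demo; stands in for NFT_NLATTR_LOC_MAX. */
#define LOC_MAX 8

/* Hypothetical record: attribute offset plus position in the rule text. */
struct loc_entry { uint16_t offset; int column; };

struct loc_table {
    /* One spare slot past LOC_MAX serves as a canary, so the stray write
     * made by the buggy check stays inside this object and is observable. */
    struct loc_entry slot[LOC_MAX + 1];
    unsigned int num;
};

/* Off-by-one: num == LOC_MAX passes the check, so slot[LOC_MAX] is written. */
static bool loc_add_buggy(struct loc_table *t, uint16_t offset, int column)
{
    if (t->num > LOC_MAX)
        return false;
    t->slot[t->num++] = (struct loc_entry){ offset, column };
    return true;
}

/* Corrected check: the last valid index is LOC_MAX - 1. */
static bool loc_add_fixed(struct loc_table *t, uint16_t offset, int column)
{
    if (t->num >= LOC_MAX)
        return false;
    t->slot[t->num++] = (struct loc_entry){ offset, column };
    return true;
}

/* Record n expressions, then report whether the canary slot was overwritten. */
static bool canary_clobbered(bool (*add)(struct loc_table *, uint16_t, int),
                             unsigned int n)
{
    struct loc_table t = { .num = 0 };
    t.slot[LOC_MAX].column = -1;  /* canary value */
    for (unsigned int i = 0; i < n; i++)
        add(&t, (uint16_t)(i * 4), (int)i);
    return t.slot[LOC_MAX].column != -1;
}

int main(void)
{
    printf("canary clobbered: buggy=%d fixed=%d\n",
           canary_clobbered(loc_add_buggy, LOC_MAX + 1),
           canary_clobbered(loc_add_fixed, LOC_MAX + 1));
    return 0;
}
```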