9015 – netfilter: nf_tables: do not allow mismatch field size and set key length

Bug 9015 - netfilter: nf_tables: do not allow mismatch field size and set key length

Summary: netfilter: nf_tables: do not allow mismatch field size and set key length

Status:	NEW

Alias:	None

Product:	Anolis OS 8
Classification:	Anolis OS
Component:	kernel - anck-5.10 (show other bugs)	kernel - anck-5.10
Sub Component:
Version:	---
Hardware:	All Linux

Importance:	P3-Medium S3-normal
Target Milestone:	---
Assignee:	maqiao_mq
QA Contact:	shuming

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2024-05-13 17:00 UTC by ymm
Modified:	2024-05-13 17:36 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description ymm inspur_group

2024-05-13 17:00:46 UTC

Description of problem:

The set description provides the size of each field in the set whose sum
should not mismatch the set key length, bail out otherwise.

I did not manage to crash nft_set_pipapo with mismatch fields and set key
length so far, but this is UB which must be disallowed.

Version-Release number of selected component (if applicable):

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 小龙 admin

2024-05-13 17:36:57 UTC

The PR Link: https://gitee.com/anolis/cloud-kernel/pulls/3165