git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Taehee Yoo <ap420073@gmail.com>
	Thu, 17 May 2018 13:49:49 +0000 (22:49 +0900)
committer	Kleber Sacilotto de Souza <kleber.souza@canonical.com>
	Mon, 14 Jan 2019 09:28:55 +0000 (09:28 +0000)
commit	6e38dab0c07bc617d6f022afaccf4bebb8f604a7
tree	089a31d35546171dc1e548288f420df25aaff5df	tree
parent	aa06e0cac8297fa9c63eb7bbdabedb46b229c583	commit \| diff

netfilter: nft_meta: fix wrong value dereference in nft_meta_set_eval

BugLink: http://bugs.launchpad.net/bugs/1808185
commit 97a0549b15a0b466c47f6a0143a490a082c64b4e upstream.

In the nft_meta_set_eval, nftrace value is dereferenced as u32 from sreg.
But correct type is u8. so that sometimes incorrect value is dereferenced.

Steps to reproduce:

   %nft add table ip filter
   %nft add chain ip filter input { type filter hook input priority 4\; }
   %nft add rule ip filter input nftrace set 0
   %nft monitor

Sometimes, we can see trace messages.

   trace id 16767227 ip filter input packet: iif "enp2s0"
   ether saddr xx:xx:xx:xx:xx:xx ether daddr xx:xx:xx:xx:xx:xx
   ip saddr 192.168.0.1 ip daddr 255.255.255.255 ip dscp cs0
   ip ecn not-ect ip
   trace id 16767227 ip filter input rule nftrace set 0 (verdict continue)
   trace id 16767227 ip filter input verdict continue
   trace id 16767227 ip filter input

Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>