netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] libnetfilter_queue: src/nlmsg.c: SECCTX can be of any length
@ 2021-09-10  9:58 Topi Miettinen
  2021-09-20 11:26 ` Florian Westphal
  0 siblings, 1 reply; 2+ messages in thread
From: Topi Miettinen @ 2021-09-10  9:58 UTC (permalink / raw)
  To: netfilter-devel; +Cc: Topi Miettinen

Typically security contexts are not 'u32' sized but strings, for example
'system_u:object_r:my_http_client_packet_t:s0'.

Fix length validation check to allow any context sizes.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
---
 src/nlmsg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/nlmsg.c b/src/nlmsg.c
index b1154fc..5400dd7 100644
--- a/src/nlmsg.c
+++ b/src/nlmsg.c
@@ -253,7 +253,6 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data)
 	case NFQA_IFINDEX_PHYSOUTDEV:
 	case NFQA_CAP_LEN:
 	case NFQA_SKB_INFO:
-	case NFQA_SECCTX:
 	case NFQA_UID:
 	case NFQA_GID:
 	case NFQA_CT_INFO:
@@ -281,6 +280,7 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data)
 	case NFQA_PAYLOAD:
 	case NFQA_CT:
 	case NFQA_EXP:
+	case NFQA_SECCTX:
 		break;
 	}
 	tb[type] = attr;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] libnetfilter_queue: src/nlmsg.c: SECCTX can be of any length
  2021-09-10  9:58 [PATCH] libnetfilter_queue: src/nlmsg.c: SECCTX can be of any length Topi Miettinen
@ 2021-09-20 11:26 ` Florian Westphal
  0 siblings, 0 replies; 2+ messages in thread
From: Florian Westphal @ 2021-09-20 11:26 UTC (permalink / raw)
  To: Topi Miettinen; +Cc: netfilter-devel

Topi Miettinen <toiwoton@gmail.com> wrote:
> Typically security contexts are not 'u32' sized but strings, for example
> 'system_u:object_r:my_http_client_packet_t:s0'.
> 
> Fix length validation check to allow any context sizes.

LGTM, applied, thanks.

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-09-20 11:26 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-10  9:58 [PATCH] libnetfilter_queue: src/nlmsg.c: SECCTX can be of any length Topi Miettinen
2021-09-20 11:26 ` Florian Westphal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).