* [PATCH] libnetfilter_queue: src/nlmsg.c: SECCTX can be of any length
@ 2021-09-10 9:58 Topi Miettinen
2021-09-20 11:26 ` Florian Westphal
0 siblings, 1 reply; 2+ messages in thread
From: Topi Miettinen @ 2021-09-10 9:58 UTC (permalink / raw)
To: netfilter-devel; +Cc: Topi Miettinen
Typically security contexts are not 'u32' sized but strings, for example
'system_u:object_r:my_http_client_packet_t:s0'.
Fix length validation check to allow any context sizes.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
---
src/nlmsg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nlmsg.c b/src/nlmsg.c
index b1154fc..5400dd7 100644
--- a/src/nlmsg.c
+++ b/src/nlmsg.c
@@ -253,7 +253,6 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data)
case NFQA_IFINDEX_PHYSOUTDEV:
case NFQA_CAP_LEN:
case NFQA_SKB_INFO:
- case NFQA_SECCTX:
case NFQA_UID:
case NFQA_GID:
case NFQA_CT_INFO:
@@ -281,6 +280,7 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data)
case NFQA_PAYLOAD:
case NFQA_CT:
case NFQA_EXP:
+ case NFQA_SECCTX:
break;
}
tb[type] = attr;
--
2.30.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] libnetfilter_queue: src/nlmsg.c: SECCTX can be of any length
2021-09-10 9:58 [PATCH] libnetfilter_queue: src/nlmsg.c: SECCTX can be of any length Topi Miettinen
@ 2021-09-20 11:26 ` Florian Westphal
0 siblings, 0 replies; 2+ messages in thread
From: Florian Westphal @ 2021-09-20 11:26 UTC (permalink / raw)
To: Topi Miettinen; +Cc: netfilter-devel
Topi Miettinen <toiwoton@gmail.com> wrote:
> Typically security contexts are not 'u32' sized but strings, for example
> 'system_u:object_r:my_http_client_packet_t:s0'.
>
> Fix length validation check to allow any context sizes.
LGTM, applied, thanks.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-09-20 11:26 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-10 9:58 [PATCH] libnetfilter_queue: src/nlmsg.c: SECCTX can be of any length Topi Miettinen
2021-09-20 11:26 ` Florian Westphal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).