Message ID | 1620232194-140858-1-git-send-email-danielj@nvidia.com |
---|---|
State | New |
Series | [SRU,F:linux-bluefield] netfilter: flowtable: fix NAT IPv6 offload mangling |
Acked-by: Tim Gardner <tim.gardner@canonical.com>

This will likely come from stable, but still it's good to get applied. It's a definite oops.

On 5/5/21 10:29 AM, Daniel Jurgens wrote: > From: Pablo Neira Ayuso <pablo@netfilter.org> > > BugLink: https://bugs.launchpad.net/bugs/1927244 > > Fix out-of-bound access in the address array. > > Fixes: 5c27d8d76ce8 ("netfilter: nf_flow_table_offload: add IPv6 support") > Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> > (cherry picked from commit 0e07e25b481aa021e4b48085ecb8a049e9614510) > Signed-off-by: Daniel Jurgens <danielj@nvidia.com> > --- > net/netfilter/nf_flow_table_offload.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c > index 26a950d..c7b6750 100644 > --- a/net/netfilter/nf_flow_table_offload.c > +++ b/net/netfilter/nf_flow_table_offload.c > @@ -311,12 +311,12 @@ static void flow_offload_ipv6_mangle(struct nf_flow_rule *flow_rule, > const __be32 *addr, const __be32 *mask) > { > struct flow_action_entry *entry; > - int i; > + int i, j; > > - for (i = 0; i < sizeof(struct in6_addr) / sizeof(u32); i += sizeof(u32)) { > + for (i = 0, j = 0; i < sizeof(struct in6_addr) / sizeof(u32); i += sizeof(u32), j++) { > entry = flow_action_entry_next(flow_rule); > flow_offload_mangle(entry, FLOW_ACT_MANGLE_HDR_TYPE_IP6, > - offset + i, &addr[i], mask); > + offset + i, &addr[j], mask); > } > } > >
On 05/05/2021 13:29, Daniel Jurgens wrote: > From: Pablo Neira Ayuso <pablo@netfilter.org> > > BugLink: https://bugs.launchpad.net/bugs/1927244 > > Fix out-of-bound access in the address array. > > Fixes: 5c27d8d76ce8 ("netfilter: nf_flow_table_offload: add IPv6 support") > Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> > (cherry picked from commit 0e07e25b481aa021e4b48085ecb8a049e9614510) > Signed-off-by: Daniel Jurgens <danielj@nvidia.com> > --- > net/netfilter/nf_flow_table_offload.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c > index 26a950d..c7b6750 100644 > --- a/net/netfilter/nf_flow_table_offload.c > +++ b/net/netfilter/nf_flow_table_offload.c > @@ -311,12 +311,12 @@ static void flow_offload_ipv6_mangle(struct nf_flow_rule *flow_rule, > const __be32 *addr, const __be32 *mask) > { > struct flow_action_entry *entry; > - int i; > + int i, j; > > - for (i = 0; i < sizeof(struct in6_addr) / sizeof(u32); i += sizeof(u32)) { > + for (i = 0, j = 0; i < sizeof(struct in6_addr) / sizeof(u32); i += sizeof(u32), j++) { > entry = flow_action_entry_next(flow_rule); > flow_offload_mangle(entry, FLOW_ACT_MANGLE_HDR_TYPE_IP6, > - offset + i, &addr[i], mask); > + offset + i, &addr[j], mask); > } > } > > Thanks Daniel, LGTM: Acked-by: Guilherme G. Piccoli <gpiccoli@canonical.com>
Applied to focal:bluefield/master-next. Thanks. -rtg On 5/5/21 10:29 AM, Daniel Jurgens wrote: > From: Pablo Neira Ayuso <pablo@netfilter.org> > > BugLink: https://bugs.launchpad.net/bugs/1927244 > > Fix out-of-bound access in the address array. > > Fixes: 5c27d8d76ce8 ("netfilter: nf_flow_table_offload: add IPv6 support") > Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> > (cherry picked from commit 0e07e25b481aa021e4b48085ecb8a049e9614510) > Signed-off-by: Daniel Jurgens <danielj@nvidia.com> > --- > net/netfilter/nf_flow_table_offload.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c > index 26a950d..c7b6750 100644 > --- a/net/netfilter/nf_flow_table_offload.c > +++ b/net/netfilter/nf_flow_table_offload.c > @@ -311,12 +311,12 @@ static void flow_offload_ipv6_mangle(struct nf_flow_rule *flow_rule, > const __be32 *addr, const __be32 *mask) > { > struct flow_action_entry *entry; > - int i; > + int i, j; > > - for (i = 0; i < sizeof(struct in6_addr) / sizeof(u32); i += sizeof(u32)) { > + for (i = 0, j = 0; i < sizeof(struct in6_addr) / sizeof(u32); i += sizeof(u32), j++) { > entry = flow_action_entry_next(flow_rule); > flow_offload_mangle(entry, FLOW_ACT_MANGLE_HDR_TYPE_IP6, > - offset + i, &addr[i], mask); > + offset + i, &addr[j], mask); > } > } > >
diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index 26a950d..c7b6750 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -311,12 +311,12 @@ static void flow_offload_ipv6_mangle(struct nf_flow_rule *flow_rule, const __be32 *addr, const __be32 *mask) { struct flow_action_entry *entry; - int i; + int i, j; - for (i = 0; i < sizeof(struct in6_addr) / sizeof(u32); i += sizeof(u32)) { + for (i = 0, j = 0; i < sizeof(struct in6_addr) / sizeof(u32); i += sizeof(u32), j++) { entry = flow_action_entry_next(flow_rule); flow_offload_mangle(entry, FLOW_ACT_MANGLE_HDR_TYPE_IP6, - offset + i, &addr[i], mask); + offset + i, &addr[j], mask); } }
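Review bot: In the `for` header of `flow_offload_ipv6_mangle()`, the condition still compares `i`, which advances by `sizeof(u32)` bytes on each pass, against `sizeof(struct in6_addr) / sizeof(u32)`, which is a count of 32-bit words. With a 16-byte `struct in6_addr` and a 4-byte `u32` the bound is 4 and `i` reaches 4 after the first pass, so the body runs once, with `offset + 0` and `&addr[0]`, and the other three words of the address get no mangle entry. Consider driving the loop with the word index alone, `for (j = 0; j < sizeof(struct in6_addr) / sizeof(u32); j++)`, and passing `offset + j * sizeof(u32)` and `&addr[j]`, so the byte offset and the array index cannot drift apart. The commit message would also be easier to audit if it named the index that went out of bounds and under which loop bound.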