| Message ID | 1620230187-73860-1-git-send-email-danielj@nvidia.com |
|---|---|
| State | New |
| Headers | show |
| Series | netfilter: flowtable: fix NAT IPv6 offload mangling | expand |
Hi Daniel. Thank you for the patch! May you please update the subject to follow SRU format and resubmit? i.e "[SRU][F:bluefield]..." https://wiki.ubuntu.com/Kernel/Dev/StablePatchFormat -Kelsey On 2021-05-05 18:56:27 , Daniel Jurgens wrote: > From: Pablo Neira Ayuso <pablo@netfilter.org> > > BugLink: https://bugs.launchpad.net/bugs/1927244 > > Fix out-of-bound access in the address array. > > Fixes: 5c27d8d76ce8 ("netfilter: nf_flow_table_offload: add IPv6 support") > Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> > (cherry picked from commit 0e07e25b481aa021e4b48085ecb8a049e9614510) > Signed-off-by: Daniel Jurgens <danielj@nvidia.com> > --- > net/netfilter/nf_flow_table_offload.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c > index 26a950d..c7b6750 100644 > --- a/net/netfilter/nf_flow_table_offload.c > +++ b/net/netfilter/nf_flow_table_offload.c > @@ -311,12 +311,12 @@ static void flow_offload_ipv6_mangle(struct nf_flow_rule *flow_rule, > const __be32 *addr, const __be32 *mask) > { > struct flow_action_entry *entry; > - int i; > + int i, j; > > - for (i = 0; i < sizeof(struct in6_addr) / sizeof(u32); i += sizeof(u32)) { > + for (i = 0, j = 0; i < sizeof(struct in6_addr) / sizeof(u32); i += sizeof(u32), j++) { > entry = flow_action_entry_next(flow_rule); > flow_offload_mangle(entry, FLOW_ACT_MANGLE_HDR_TYPE_IP6, > - offset + i, &addr[i], mask); > + offset + i, &addr[j], mask); > } > } > > -- > 1.8.3.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
Hi Kelsey, realized my mistake right away and have already resent it. Thanks.
diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index 26a950d..c7b6750 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -311,12 +311,12 @@ static void flow_offload_ipv6_mangle(struct nf_flow_rule *flow_rule, const __be32 *addr, const __be32 *mask) { struct flow_action_entry *entry; - int i; + int i, j; - for (i = 0; i < sizeof(struct in6_addr) / sizeof(u32); i += sizeof(u32)) { + for (i = 0, j = 0; i < sizeof(struct in6_addr) / sizeof(u32); i += sizeof(u32), j++) { entry = flow_action_entry_next(flow_rule); flow_offload_mangle(entry, FLOW_ACT_MANGLE_HDR_TYPE_IP6, - offset + i, &addr[i], mask); + offset + i, &addr[j], mask); } }