iptables: backport patch fixing bug with string module
authorChristian Marangi <ansuelsmth@gmail.com>
Sun, 12 Nov 2023 13:10:23 +0000 (14:10 +0100)
committerChristian Marangi <ansuelsmth@gmail.com>
Sun, 12 Nov 2023 13:14:25 +0000 (14:14 +0100)
Backport patch fixing critical bug with string module merged upstream.

Fixes: #13812
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 3d6b89c5140acb9228ec89bde09b53dafdead070)

package/network/utils/iptables/Makefile
package/network/utils/iptables/patches/070-extensions-string-Review-parse_string-function.patch [new file with mode: 0644]

index aded1b7b1fdda5acbc133d96e3702c12642b1b4c..45a2b49070e3da3051bb05dffe7c101836d4c82d 100644 (file)
@@ -10,7 +10,7 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=iptables
 PKG_VERSION:=1.8.8
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
diff --git a/package/network/utils/iptables/patches/070-extensions-string-Review-parse_string-function.patch b/package/network/utils/iptables/patches/070-extensions-string-Review-parse_string-function.patch
new file mode 100644 (file)
index 0000000..cfcb6c7
--- /dev/null
@@ -0,0 +1,40 @@
+From da5b32fb4656ab69fe1156eb7e36c7c961839e8a Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Wed, 8 Jun 2022 13:45:13 +0200
+Subject: [PATCH] extensions: string: Review parse_string() function
+
+* Compare against sizeof(info->pattern) which is more clear than having
+  to know that this buffer is of size XT_STRING_MAX_PATTERN_SIZE
+
+* Invert the check and error early to reduce indenting
+
+* Pass info->patlen to memcpy() to avoid reading past end of 's'
+
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+---
+ extensions/libxt_string.c | 13 ++++++-------
+ 1 file changed, 6 insertions(+), 7 deletions(-)
+
+--- a/extensions/libxt_string.c
++++ b/extensions/libxt_string.c
+@@ -78,14 +78,13 @@ static void string_init(struct xt_entry_
+ static void
+ parse_string(const char *s, struct xt_string_info *info)
+-{     
++{
+       /* xt_string does not need \0 at the end of the pattern */
+-      if (strlen(s) <= XT_STRING_MAX_PATTERN_SIZE) {
+-              memcpy(info->pattern, s, XT_STRING_MAX_PATTERN_SIZE);
+-              info->patlen = strnlen(s, XT_STRING_MAX_PATTERN_SIZE);
+-              return;
+-      }
+-      xtables_error(PARAMETER_PROBLEM, "STRING too long \"%s\"", s);
++      if (strlen(s) > sizeof(info->pattern))
++              xtables_error(PARAMETER_PROBLEM, "STRING too long \"%s\"", s);
++
++      info->patlen = strnlen(s, sizeof(info->pattern));
++      memcpy(info->pattern, s, info->patlen);
+ }
+ static void