[openwrt/openwrt] iptables: backport patch fixing bug with string module

LEDE Commits lede-commits at lists.infradead.org
Sun Nov 12 05:14:39 PST 2023


ansuel pushed a commit to openwrt/openwrt.git, branch openwrt-23.05:
https://git.openwrt.org/b7e81d210b403ab7fb2cad70a26e78d63f80b6ce

commit b7e81d210b403ab7fb2cad70a26e78d63f80b6ce
Author: Christian Marangi <ansuelsmth at gmail.com>
AuthorDate: Sun Nov 12 14:10:23 2023 +0100

    iptables: backport patch fixing bug with string module
    
    Backport the upstream-merged patch fixing a critical bug in the string module (an out-of-bounds read in parse_string()).
    
    Fixes: #13812
    Signed-off-by: Christian Marangi <ansuelsmth at gmail.com>
    (cherry picked from commit 3d6b89c5140acb9228ec89bde09b53dafdead070)
---
 package/network/utils/iptables/Makefile            |  2 +-
 ...sions-string-Review-parse_string-function.patch | 40 ++++++++++++++++++++++
 2 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile
index aded1b7b1f..45a2b49070 100644
--- a/package/network/utils/iptables/Makefile
+++ b/package/network/utils/iptables/Makefile
@@ -10,7 +10,7 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=iptables
 PKG_VERSION:=1.8.8
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
diff --git a/package/network/utils/iptables/patches/070-extensions-string-Review-parse_string-function.patch b/package/network/utils/iptables/patches/070-extensions-string-Review-parse_string-function.patch
new file mode 100644
index 0000000000..cfcb6c77f3
--- /dev/null
+++ b/package/network/utils/iptables/patches/070-extensions-string-Review-parse_string-function.patch
@@ -0,0 +1,40 @@
+From da5b32fb4656ab69fe1156eb7e36c7c961839e8a Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil at nwl.cc>
+Date: Wed, 8 Jun 2022 13:45:13 +0200
+Subject: [PATCH] extensions: string: Review parse_string() function
+
+* Compare against sizeof(info->pattern) which is more clear than having
+  to know that this buffer is of size XT_STRING_MAX_PATTERN_SIZE
+
+* Invert the check and error early to reduce indenting
+
+* Pass info->patlen to memcpy() to avoid reading past end of 's'
+
+Signed-off-by: Phil Sutter <phil at nwl.cc>
+---
+ extensions/libxt_string.c | 13 ++++++-------
+ 1 file changed, 6 insertions(+), 7 deletions(-)
+
+--- a/extensions/libxt_string.c
++++ b/extensions/libxt_string.c
+@@ -78,14 +78,13 @@ static void string_init(struct xt_entry_
+ 
+ static void
+ parse_string(const char *s, struct xt_string_info *info)
+-{	
++{
+ 	/* xt_string does not need \0 at the end of the pattern */
+-	if (strlen(s) <= XT_STRING_MAX_PATTERN_SIZE) {
+-		memcpy(info->pattern, s, XT_STRING_MAX_PATTERN_SIZE);
+-		info->patlen = strnlen(s, XT_STRING_MAX_PATTERN_SIZE);
+-		return;
+-	}
+-	xtables_error(PARAMETER_PROBLEM, "STRING too long \"%s\"", s);
++	if (strlen(s) > sizeof(info->pattern))
++		xtables_error(PARAMETER_PROBLEM, "STRING too long \"%s\"", s);
++
++	info->patlen = strnlen(s, sizeof(info->pattern));
++	memcpy(info->pattern, s, info->patlen);
+ }
+ 
+ static void
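Review bot: The new parse_string() writes only patlen bytes into info->pattern, so the bytes after patlen keep whatever the match data held before the call; unless the caller zero-fills the xt_string_info (the allocation path is not visible in this hunk), those trailing bytes reach the kernel uninitialized. The removed code masked this by copying a full XT_STRING_MAX_PATTERN_SIZE from s, which over-read s but always overwrote the whole buffer. If the allocation is not guaranteed to be zeroed, a `memset(info->pattern, 0, sizeof(info->pattern));` before the memcpy is cheap and makes the match data deterministic. The early-error form on the `if (strlen(s) > sizeof(info->pattern))` line also relies on xtables_error() not returning; the strnlen bound keeps the copy in-bounds even if it did, so this is only worth a one-line comment such as `/* xtables_error() does not return */`.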



