On Thursday 2017-09-21 19:00, Jean Weisbuch wrote:
>
> - For strings, SQL_STRINGSIZE now defines the max length of values (before
> being escaped), longer values will be truncated and the double of
> SQL_STRINGSIZE is allocated in case all characters would have to be escaped
>
> I am not sure th
An out of bounds error was detected on an ARM64 target with
Android based kernel 4.9. This occurs while trying to
restore mark on a skb from an inet request socket.
BUG: KASAN: slab-out-of-bounds in socket_match.isra.2+0xc8/0x1f0
net/netfilter/xt_socket.c:248
Read of size 4 at addr ffc06a8d82
On 2017-09-21 18:01, Eric Dumazet wrote:
On Thu, 2017-09-21 at 16:08 -0600, Subash Abhinov Kasiviswanathan
wrote:
An out of bounds error was detected on an ARM64 target with
Android based kernel 4.9. This occurs while trying to
restore mark on a skb from an inet request socket.
BUG: KASAN: slab
On Thu, 2017-09-21 at 16:08 -0600, Subash Abhinov Kasiviswanathan wrote:
> An out of bounds error was detected on an ARM64 target with
> Android based kernel 4.9. This occurs while trying to
> restore mark on a skb from an inet request socket.
>
> BUG: KASAN: slab-out-of-bounds in socket_match.isr
An out of bounds error was detected on an ARM64 target with
Android based kernel 4.9. This occurs while trying to
restore mark on a skb from an inet request socket.
BUG: KASAN: slab-out-of-bounds in socket_match.isra.2+0xc8/0x1f0
net/netfilter/xt_socket.c:248
Read of size 4 at addr ffc06a8d82
if (info->flags & XT_SOCKET_RESTORESKMARK && !wildcard &&
- transparent)
+ transparent && sk_fullsock(sk))
pskb->mark = sk->sk_mark;
if (sk != skb->sk)
What about socket_mt6_v1_v2_v3() ?
Thanks.
Hi E
On Thu, 2017-09-21 at 15:20 -0600, Subash Abhinov Kasiviswanathan wrote:
> An out of bounds error was detected on an ARM64 target with
> Android based kernel 4.9. This occurs while trying to
> restore mark on a skb from an inet request socket.
>
> BUG: KASAN: slab-out-of-bounds in socket_match.isr
An out of bounds error was detected on an ARM64 target with
Android based kernel 4.9. This occurs while trying to
restore mark on a skb from an inet request socket.
BUG: KASAN: slab-out-of-bounds in socket_match.isra.2+0xc8/0x1f0
net/netfilter/xt_socket.c:248
Read of size 4 at addr ffc06a8d82
The field 'debug_mask' of struct netlink_mon_handler was left
uninitialized in do_command_monitor() so it contained garbage from the
stack. Fix this by initializing it with the debug_mask value from struct
netlink_ctx.
While being at it, change the code to make use of C99-style initializer,
which
Phil Sutter wrote:
> On Thu, Sep 21, 2017 at 05:51:12PM +0200, Pablo Neira Ayuso wrote:
> > On Thu, Sep 21, 2017 at 05:43:09PM +0200, Florian Westphal wrote:
> > > Phil Sutter wrote:
> > > > With the proposed implementation of nft_print(), this will be
> > > > problematic: nft_run_cmd_from_buffer
I developed a filter module for ulogd2 similar to the PWSNIFF module
that is getting the hostname and URI of HTTP GET/POST requests from raw
packets and i was experiencing segfaults when long values were passed to
escape_string().
Its due to the fact that sql_createstmt() allocates 100 bytes p
Hi,
On Thu, Sep 21, 2017 at 05:51:12PM +0200, Pablo Neira Ayuso wrote:
> On Thu, Sep 21, 2017 at 05:43:09PM +0200, Florian Westphal wrote:
> > Phil Sutter wrote:
> > > With the proposed implementation of nft_print(), this will be
> > > problematic: nft_run_cmd_from_buffer() waits for the command
On Thu, Sep 21, 2017 at 05:43:09PM +0200, Florian Westphal wrote:
> Phil Sutter wrote:
> > With the proposed implementation of nft_print(), this will be
> > problematic: nft_run_cmd_from_buffer() waits for the command to finish
> > before printing all the output at once. This obviously breaks moni
Phil Sutter wrote:
> With the proposed implementation of nft_print(), this will be
> problematic: nft_run_cmd_from_buffer() waits for the command to finish
> before printing all the output at once. This obviously breaks monitor
> which runs endlessly.
>
> Maybe we should reference nft_print via a
Hi,
On Mon, Sep 04, 2017 at 10:53:04PM +0200, Pablo Neira Ayuso wrote:
> On Mon, Sep 04, 2017 at 10:43:48PM +0200, Pablo Neira Ayuso wrote:
> > On Mon, Sep 04, 2017 at 09:55:58AM +0200, Eric Leblond wrote:
> > > This patch introduces the nft_print function that has to be used
> > > instead of prin
If scanner_read_file() failed, the function would return an
uninitialized value.
Fixes: 3db28321b64a6 ("src: add nft_run_cmd_*() functions")
Signed-off-by: Phil Sutter
---
src/main.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/main.c b/src/main.c
index 702ef30237b3
On Thu, Sep 21, 2017 at 08:52:56AM +0200, Arturo Borrero Gonzalez wrote:
> On 20 September 2017 at 12:14, Shyam Saini wrote:
> > This new operation allows to import ruleset in json to make
> > incremental changes using the parse functions of libnftnl.
> >
> > A basic way to test this new functiona
17 matches
Mail list logo
