[Bug 1492] New: Argument parsing buffer overflow in ipset_parse_argv

bugzilla-daemon at netfilter.org
Fri Jan 15 17:35:07 CET 2021


https://bugzilla.netfilter.org/show_bug.cgi?id=1492

            Bug ID: 1492
           Summary: Argument parsing buffer overflow in ipset_parse_argv
           Product: ipset
           Version: unspecified
          Hardware: x86_64
                OS: All
            Status: NEW
          Severity: major
          Priority: P5
         Component: default
          Assignee: netfilter-buglog at lists.netfilter.org
          Reporter: marshallwhittaker at gmail.com

Created attachment 622
  --> https://bugzilla.netfilter.org/attachment.cgi?id=622&action=edit
Core dump file from ipset

Trying to pass arguments via xargs to ipset I ran across a buffer overflow in
the argument parsing ipset_parse_argv function.  I've reproduced this error on
Manjaro and Ubuntu Linux systems.  The error can be triggered by trying to add
more than 32 arguments (more than MAX_ARGS define) to the ipset command.

Example: ipset add a $(perl -e 'print "A "x64;')

Marshall / oxagast
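
One way a fixed-size argument table can refuse input beyond MAX_ARGS instead of writing past its end, as an added example: this is not ipset's code and not from the reporter. Only MAX_ARGS (32) comes from the report; `arg_table`, `arg_table_push`, `arg_table_fill` and `try_repro` are hypothetical names, and the input is constructed to have the same shape as the reproducer above.

```c
#include <stdio.h>

#define MAX_ARGS 32 /* limit named in the report; all other names are hypothetical */

/* Hypothetical fixed-size table a parser fills while walking argv. */
struct arg_table {
    const char *slot[MAX_ARGS];
    int count;
};

/* Append one argument; returns 0 on success, -1 when the table is full.
 * The bound is tested before the write, so slot[] is never indexed past its end. */
int arg_table_push(struct arg_table *t, const char *arg)
{
    if (t == NULL || arg == NULL || t->count < 0 || t->count >= MAX_ARGS)
        return -1;
    t->slot[t->count++] = arg;
    return 0;
}

/* Fill the table from argv; fails at the first argument that does not fit. */
int arg_table_fill(struct arg_table *t, int argc, const char *const argv[])
{
    if (t == NULL || argv == NULL || argc < 0)
        return -1;
    t->count = 0;
    for (int i = 0; i < argc; i++)
        if (arg_table_push(t, argv[i]) != 0)
            return -1;
    return 0;
}

/* Constructed input shaped like the reproducer: "ipset add a" + n_extra words. */
int try_repro(int n_extra)
{
    const char *argv[3 + 64] = { "ipset", "add", "a" };
    struct arg_table t;
    if (n_extra < 0 || n_extra > 64)
        return -1;
    for (int i = 0; i < n_extra; i++)
        argv[3 + i] = "A";
    return arg_table_fill(&t, 3 + n_extra, argv);
}

int main(void)
{
    printf("32 words: %d, 67 words: %d\n", try_repro(29), try_repro(64));
    return 0;
}
```

Whether the real parser counts the program name toward the limit is not stated in the report; this sketch counts every argv entry.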


