bug in libnetfilter_log

aton aton at packetdropped.org
Tue Feb 7 23:09:39 CET 2006


I installed:

- libnfnetlink-0.0.14
- libnetfilter_log-0.0.12

the file libnetfilter_log-0.0.12/utils/nfulnl_test.c uses nflog_get_payload();

If I just compile it and run it, it will segfault while returning from cb().
If I comment out the call to nflog_get_payload(), it won't segfault.

So I guess this function call somehow overwrites the return address of the cb() function on the stack.

I don't understand the nflog_get_payload() code by looking at it, and don't have time to read into it,
so I just wanted to inform the one who wrote it.
Please have a look at it; I think this perhaps even could be a security risk?

greetings, aton