Hi!
The Netfilter project proudly presents:
libnftnl 1.2.7
libnftnl is a userspace library providing a low-level netlink
programming interface (API) to the in-kernel nf_tables subsystem.
This library is currently used by nftables.
This release contains fixes only:
* Avoid potential use-after-free when clearing set's expression list
* Avoid misc buffer overflows in attribute setters
* Implement nftnl_obj_unset symbol already exported in libnftnl.map
* Remove unimplemented symbols from libnftnl.map
* Drop some unused internal functions
* Validate per-expression and per-object attribute value and data length
* Enable some attribute validation where missing
* Fix synproxy object setter with unaligned data
* Fix for unsetting userdata attributes in table and chain objects
See ChangeLog that comes attached to this email for more details on
the updates.
You can download it from:
https://www.netfilter.org/projects/libnftnl/downloads.html
Happy firewalling.
-------------- next part --------------
Florian Westphal (1):
expr: fix buffer overflows in data value setters
Nicholas Vinson (1):
chain: Removed non-defined functions
Pablo Neira Ayuso (7):
object: define nftnl_obj_unset()
set: buffer overflow in NFTNL_SET_DESC_CONCAT setter
set_elem: use nftnl_data_cpy() in NFTNL_SET_ELEM_{KEY,KEY_END,DATA}
obj: ct_timeout: setter checks for timeout array boundaries
expr: immediate: check for chain attribute to release chain name
udata: incorrect userdata buffer size validation
utils: remove unused code
Phil Sutter (24):
set: Do not leave free'd expr_list elements in place
tests: Fix objref test case
expr: Repurpose struct expr_ops::max_attr field
expr: Call expr_ops::set with legal types only
include: Sync nf_log.h with kernel headers
expr: Introduce struct expr_ops::attr_policy
expr: Enforce attr_policy compliance in nftnl_expr_set()
chain: Validate NFTNL_CHAIN_USE, too
table: Validate NFTNL_TABLE_USE, too
flowtable: Validate NFTNL_FLOWTABLE_SIZE, too
obj: Validate NFTNL_OBJ_TYPE, too
set: Validate NFTNL_SET_ID, too
table: Validate NFTNL_TABLE_OWNER, too
obj: Do not call nftnl_obj_set_data() with zero data_len
obj: synproxy: Use memcpy() to handle potentially unaligned data
utils: Fix for wrong variable use in nftnl_assert_validate()
obj: Return value on setters
obj: Repurpose struct obj_ops::max_attr field
obj: Call obj_ops::set with legal attributes only
obj: Introduce struct obj_ops::attr_policy
obj: Enforce attr_policy compliance in nftnl_obj_set_data()
utils: Introduce and use nftnl_set_str_attr()
obj: Respect data_len when setting attributes
expr: Respect data_len when setting attributes
corubba (1):
object: getters take const struct