xlate/ipt: set the number of entries in the response to iptables

On IPT_SO_SET_REPLACE requests, a field is dedicated to store the number of entries, but this field was left unset in the response, leading to a buffer overflow in iptables. Set the number of entries in the response to fix this error.
facebook · Aug 23, 2024 · d43a068 · d43a068
1 parent 09e9005
commit d43a068
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/src/xlate/ipt/ipt.c b/src/xlate/ipt/ipt.c
@@ -474,6 +474,7 @@ static int _bf_ipt_set_rules_handler(struct ipt_replace *replace, size_t len)
     memcpy(_cache->hook_entry, replace->hook_entry, sizeof(_cache->hook_entry));
     memcpy(_cache->underflow, replace->underflow, sizeof(_cache->underflow));
     _cache->size = replace->size;
+    _cache->num_entries = replace->num_entries;
 
     free(_cache->entries);
     _cache->entries = TAKE_PTR(entries);