Re: [PATCH] netfilter: x_tables: Use unsafe_memcpy() for 0-sized destination
From: Simon Horman
Date: Mon Feb 19 2024 - 12:19:34 EST
On Fri, Feb 16, 2024 at 03:31:32PM -0800, Kees Cook wrote:
> The struct xt_entry_target fake flexible array has not be converted to a
> true flexible array, which is mainly blocked by it being both UAPI and
> used in the middle of other structures. In order to properly check for
> 0-sized destinations in memcpy(), an exception must be made for the one
> place where it is still a destination. Since memcpy() was already
> skipping checks for 0-sized destinations, using unsafe_memcpy() is no
> change in behavior.
>
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Reviewed-by: Simon Horman <horms@xxxxxxxxxx>