Received: by 2002:a05:6359:6284:b0:131:369:b2a3 with SMTP id se4csp5158245rwb; Tue, 8 Aug 2023 22:38:01 -0700 (PDT) X-Google-Smtp-Source: AGHT+IE16WNW0fRXnjgUbkE6pMrLm9+jceULL39lnsOPw7qahqMq14Y9veEpeAaPAdCpjMzuBzW8 X-Received: by 2002:ac2:53a9:0:b0:4f7:6453:f3f1 with SMTP id j9-20020ac253a9000000b004f76453f3f1mr988803lfh.15.1691559481533; Tue, 08 Aug 2023 22:38:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691559481; cv=none; d=google.com; s=arc-20160816; b=fisUVoI1eHqBXOVPmJ1lBDRTOIXCit9pVpzuHEafxfK1YHxLyCH4rTnTgvJzMZY+FZ du6jjCFbzboTcin+H59FV5jeapb+thNMNWdImyYAP5ZPSvMqyCTY21VAxktkRTy22OuR r+jeGVleREJJpD6QI5urfA/v15QVQUPHvBWIsRxVg2HAB6PDCk+r/ryA1rvMxxeUBV1t yoHbmKu8GOxNh5EH8KtBZNo5iwbd1wKym3Kx8lWd28pkZMGo3UHjO550TH0aIZDk45p5 g21HngF6nrBg2dBgqKsJ3XaOXh5xK2vmYIPStOkJ33Rbj7pzP0YGp/PbJDl+6bOeDY+X xyuA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id; bh=MgVILf6HryktHXqmfxgkVxA4zZcsi/RWO8qnAEGilAY=; fh=5dabHbnJT4uyVehoiQY3gyXDdNXYlvO5/vrEb4w3xHk=; b=G/oFgETYnS1RgihPeuaw4sppd02DCF2H56l+nQQr/xfUf3irLHxRPtc2gJzftuLES8 bX/l2uG7Kj6aVfWANI7p7I5dJLr6cWj0tTIAe4Z68ARUy/efBD4pmH2v2b/cBgWp1mHX i9t7/LJZc9leOCxEHjFYwWo4uTZIpnGtgj4nXcgX9cApBa4oKYpgANpf5ypfWd4HxXkW FFfbZpw+5F/n4jsXo1xM4Pu0DqEzAkp7RoWcSj77wWJjPuad/yLud3Yctc4qy2Qc8jDk tPrzF9K0SWN/WmOanBTtphLhN9T9v6pAuq2H0CVL1zhLH9Qu6OB3qC/VaF6/eyd9el0p f0qg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id m11-20020a056402050b00b00523500f4b7dsi697681edv.449.2023.08.08.22.37.36; Tue, 08 Aug 2023 22:38:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230036AbjHIDZx (ORCPT + 99 others); Tue, 8 Aug 2023 23:25:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34046 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229543AbjHIDZv (ORCPT ); Tue, 8 Aug 2023 23:25:51 -0400 Received: from dggsgout11.his.huawei.com (dggsgout11.his.huawei.com [45.249.212.51]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0A0721BF1; Tue, 8 Aug 2023 20:25:49 -0700 (PDT) Received: from mail02.huawei.com (unknown [172.30.67.153]) by dggsgout11.his.huawei.com (SkyGuard) with ESMTP id 4RLFnN5LKmz4f3wQh; Wed, 9 Aug 2023 11:25:44 +0800 (CST) Received: from [10.67.110.48] (unknown [10.67.110.48]) by APP1 (Coremail) with SMTP id cCh0CgA3sy84B9NkGt0JAQ--.33760S2; Wed, 09 Aug 2023 11:25:45 +0800 (CST) Message-ID: Date: Wed, 9 Aug 2023 11:25:44 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Subject: Re: [PATCH v2] netfilter: ebtables: fix fortify warnings Content-Language: en-US To: "Gustavo A. R. Silva" Cc: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal , Roopa Prabhu , Nikolay Aleksandrov , Kees Cook , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, Wang Weiyang , Xiu Jianfeng , gongruiqi1@huawei.com References: <20230808133038.771316-1-gongruiqi@huaweicloud.com> From: "GONG, Ruiqi" In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-CM-TRANSID: cCh0CgA3sy84B9NkGt0JAQ--.33760S2 X-Coremail-Antispam: 1UD129KBjvdXoW7Xr15Gr4rAw48Gw1kuFyxGrg_yoWkJrX_Aw srZr97GrWjya4Dtr45J39xXrn3XwnYvFy7WryIqrW8ZwnxJr1jk39rXr9Yvw1rJryxCr4U ArZ3GF98Gw1UGjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT 9fnUUIcSsGvfJTRUUUbIxYFVCjjxCrM7AC8VAFwI0_Gr0_Xr1l1xkIjI8I6I8E6xAIw20E Y4v20xvaj40_Wr0E3s1l1IIY67AEw4v_Jr0_Jr4l8cAvFVAK0II2c7xJM28CjxkF64kEwV A0rcxSw2x7M28EF7xvwVC0I7IYx2IY67AKxVWDJVCq3wA2z4x0Y4vE2Ix0cI8IcVCY1x02 67AKxVWxJr0_GcWl84ACjcxK6I8E87Iv67AKxVW0oVCq3wA2z4x0Y4vEx4A2jsIEc7CjxV AFwI0_GcCE3s1le2I262IYc4CY6c8Ij28IcVAaY2xG8wAqx4xG64xvF2IEw4CE5I8CrVC2 j2WlYx0E2Ix0cI8IcVAFwI0_Jr0_Jr4lYx0Ex4A2jsIE14v26r1j6r4UMcvjeVCFs4IE7x kEbVWUJVW8JwACjcxG0xvEwIxGrwACI402YVCY1x02628vn2kIc2xKxwCYjI0SjxkI62AI 1cAE67vIY487MxAIw28IcxkI7VAKI48JMxC20s026xCaFVCjc4AY6r1j6r4UMI8I3I0E5I 8CrVAFwI0_Jr0_Jr4lx2IqxVCjr7xvwVAFwI0_JrI_JrWlx4CE17CEb7AF67AKxVWUtVW8 ZwCIc40Y0x0EwIxGrwCI42IY6xIIjxv20xvE14v26r1j6r1xMIIF0xvE2Ix0cI8IcVCY1x 0267AKxVW8JVWxJwCI42IY6xAIw20EY4v20xvaj40_Wr1j6rW3Jr1lIxAIcVC2z280aVAF wI0_Jr0_Gr1lIxAIcVC2z280aVCY1x0267AKxVW8JVW8JrUvcSsGvfC2KfnxnUUI43ZEXa 7IU1zuWJUUUUU== X-CM-SenderInfo: pjrqw2pxltxq5kxd4v5lfo033gof0z/ X-CFilter-Loop: Reflected X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,NICE_REPLY_A, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2023/08/09 0:32, Gustavo A. R. Silva wrote: > > [...] > >> diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c >> index 757ec46fc45a..5ec66b1ebb64 100644 >> --- a/net/bridge/netfilter/ebtables.c >> +++ b/net/bridge/netfilter/ebtables.c >> @@ -2115,8 +2115,7 @@ static int size_entry_mwt(const struct ebt_entry *entry, const unsigned char *ba >> return ret; >> >> offsets[0] = sizeof(struct ebt_entry); /* matches come first */ >> - memcpy(&offsets[1], &entry->watchers_offset, >> - sizeof(offsets) - sizeof(offsets[0])); >> + memcpy(&offsets[1], &entry->offsets, sizeof(offsets) - sizeof(offsets[0])); > ^^^^^^^^^^^^ > You now can replace this ____________________________________| > with just `sizeof(entry->offsets)` > > With that change you can add my > Reviewed-by: Gustavo A. R. Silva > > Thank you > -- > Gustavo > Will do. Thanks for the suggestion & review! >> >> if (state->buf_kern_start) { >> buf_start = state->buf_kern_start + state->buf_kern_offset; >> -- >> 2.41.0 >>