{"id":2227282,"url":"http://patchwork.ozlabs.org/api/covers/2227282/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/cover/CAC-THR-m=VEy9N=xc_gBSySxESamwsLNWy4tBuuCXxZQ7qJfMw@mail.gmail.com/","project":{"id":26,"url":"http://patchwork.ozlabs.org/api/projects/26/?format=json","name":"Netfilter Development","link_name":"netfilter-devel","list_id":"netfilter-devel.vger.kernel.org","list_email":"netfilter-devel@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"","list_archive_url":null,"date":"2026-04-23T11:29:52","name":"[0/1] netfilter: nfnetlink_queue: fix missing padding in NFQA_PAYLOAD attribute","submitter":{"id":93237,"url":"http://patchwork.ozlabs.org/api/people/93237/?format=json","name":"Ramesh Adhikari","email":"adhikari.resume@gmail.com"},"mbox":"http://patchwork.ozlabs.org/project/netfilter-devel/cover/CAC-THR-m=VEy9N=xc_gBSySxESamwsLNWy4tBuuCXxZQ7qJfMw@mail.gmail.com/mbox/","series":[{"id":501184,"url":"http://patchwork.ozlabs.org/api/series/501184/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=501184","date":"2026-04-23T11:29:52","name":"netfilter: nfnetlink_queue: fix missing padding in NFQA_PAYLOAD attribute","version":1,"mbox":"http://patchwork.ozlabs.org/series/501184/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/covers/2227282/comments/","headers":{"Return-Path":"\n ","X-Original-To":["incoming@patchwork.ozlabs.org","netfilter-devel@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=N2lC3Pfo;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c04:e001:36c::12fc:5321; helo=tor.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12154-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=\"N2lC3Pfo\"","smtp.subspace.kernel.org;\n arc=pass smtp.client-ip=209.85.221.171","smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=gmail.com"],"Received":["from tor.lore.kernel.org (tor.lore.kernel.org\n [IPv6:2600:3c04:e001:36c::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g1Ymv6wsGz1yD5\n\tfor ; Thu, 23 Apr 2026 21:30:39 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby tor.lore.kernel.org (Postfix) with ESMTP id B3ECB303431B\n\tfor ; Thu, 23 Apr 2026 11:30:09 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id DC9C83E92A3;\n\tThu, 23 Apr 2026 11:30:07 +0000 (UTC)","from mail-vk1-f171.google.com (mail-vk1-f171.google.com\n [209.85.221.171])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 38E083E9292\n\tfor ; Thu, 23 Apr 2026 11:30:06 +0000 (UTC)","by mail-vk1-f171.google.com with SMTP id\n 71dfb90a1353d-56dfd007d31so4015157e0c.3\n for ;\n Thu, 23 Apr 2026 04:30:06 -0700 (PDT)"],"ARC-Seal":["i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1776943807; cv=pass;\n b=MYKc72l5iIwpQlp+ZZsVTm7FTsVNCbF+Ea87RVFVOpklBr9Yadbs1PMaFF+itaDn0nXoqji5LOu/1p7u53sZicHLyDSy9JVxb18N10mvd6D0Wv+U0r7EkGj4tgxhFU54FV7rEDyf6A8E5rDnqcD60r0c0dNOLG5vEqhBhpPXPEw=","i=1; a=rsa-sha256; t=1776943805; cv=none;\n d=google.com; s=arc-20240605;\n b=NGOzUvbZM9b544mTTwg25mjfBk2iX2wQcsh5kcU3ONHDovjf+GvuzeEueZ8l0COpSs\n LF6a0Ua45tS8byMeun4DY/2yGbXI5+191B4vugephrFHbfqZziqcLufp4rriX2oxeBwn\n WrMyVgJpY7qO2AgRLZPJKC5ZQqwJQYjwCK2Q1drn2PNddI/HkrWBmm6kP1LZzQHtIHSA\n GXGcPhJpUQxa9YP3eAyajjqS78vDgGvaq4gBePi+pfIxgh1rjvbykKZtmIF/b6UNDW5n\n os1S7JsLCwbCbVBPJZREoZFmVILGvNwGVPPjm24OjspPIZiw2yY1FJEW2QXjBAonckqL\n aCWA=="],"ARC-Message-Signature":["i=2; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1776943807; c=relaxed/simple;\n\tbh=T4LShQj9jiOPwMnozdDj01/Lj+CiM23s8wcbkKMymDY=;\n\th=MIME-Version:From:Date:Message-ID:Subject:To:Cc:Content-Type;\n b=PRKgPXXPxa123ygHRXp1PiPFbQLmk2cgXfwejYs0844EvNd0YiZg6zzcZcOObZkY9RFwFfpdSkobJIqEcUr2OqmuG5NGa2nB8FtO4IYBKfI2HNLXhBjUKifDNzj017TwecFfN9OHTh0Q+BuEDZ0Dd05nQW+u7GJYD323jh8ML+0=","i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n s=arc-20240605;\n h=cc:to:subject:message-id:date:from:mime-version:dkim-signature;\n bh=x58fs5tyz9iJ+tAmsZX43STXvFZsxV8FygOoUaHevxE=;\n fh=i8nWucUDDcuJZrAc5F/lTqZ3W31vqALi8eeFadgPUj8=;\n b=APqu2UJBVXLKO8H9Uu1KlPC1L94Z/xQLwo8CD5C4/PhjpuRtJSaIVbvN7JwQhzbSfo\n Ptlw7NYBSasO8oBxL122o3wuyvxMODHWkv67iTwfCtlNuydDw97mImb+4Txc7eE7vQKG\n QmLPkR+VIMkReNrXXl4cevBUT4hK5qHbu0NKTg2+OPU563LzPpXLCR6td+izpT/wcWqw\n Je1O6gdV7suux4m/vSWYws8cCzLtLDM0On98be5V0bjw4xROImjb/LHE00GhPxaZH5s+\n 8jd1QaSb47eIpwbNg7bCpjBKS9ymi8vvJFMkbXj4OYKyV0uUmRMTFI4vRt22wkamVEQC\n 3lOQ==;\n darn=vger.kernel.org"],"ARC-Authentication-Results":["i=2; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com;\n spf=pass smtp.mailfrom=gmail.com;\n dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=N2lC3Pfo; arc=pass smtp.client-ip=209.85.221.171","i=1; mx.google.com; arc=none"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20251104; t=1776943805; x=1777548605;\n darn=vger.kernel.org;\n h=cc:to:subject:message-id:date:from:mime-version:from:to:cc:subject\n :date:message-id:reply-to;\n bh=x58fs5tyz9iJ+tAmsZX43STXvFZsxV8FygOoUaHevxE=;\n b=N2lC3Pfo4xx3nbbMu91DbwBGdjVxaOPAMMaraYosTxO8hSsNKg6iVY/7ChgBjBCYOA\n oZwzEDS8xWkiMrjpN4f2RAqPqsp/CFALs9xcLqTjKen/1ii3nWSLCDwq2ucryFTbtzb5\n x0WmkafrJVOW5OaYWtlygTCzd69WT8dHRp8/C4HJw4bL4lp5AQh4UPzwukzYdLpt9d7u\n pHjhwvYKduq5Ux/wHh9m9xGvkiHZGEoD/lMoUGPydvBrdfutt1kDzLaHjsNmHXYWNDGD\n EADC5/H5bWUW6InLER1oUXAxvJknafp8EHFBjRpH7XIfFcwL5FksyJe5cpFINJ4YWJoN\n c3tQ==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1776943805; x=1777548605;\n h=cc:to:subject:message-id:date:from:mime-version:x-gm-gg\n :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;\n bh=x58fs5tyz9iJ+tAmsZX43STXvFZsxV8FygOoUaHevxE=;\n b=ck9ETxkmifhpDZeaxYweiBTK9vf7WS8WtFRBAmWzVxtCKddv2CqIcTyCBkxiNsDgK/\n Jnu7jq4sl7QQoACQbbidSZSwktdzqhrNyxloyaPy2MFeggS+RH5vtfrG8QSIvrkcaP7B\n +2wNZoJbA0BGJ2/nlOrYWRqIfw61KnknUgcN13E2prnVWKWVnv7LrTPU0QgM5wdAf1hV\n wcEKtzQknuvQPcE+NC4C4rSkaNq2zx53JmWyDdJhilCqmAtTQ1COeDKeJ95RVbB8PpeN\n bBaSsBNJbcmsGvgYwj8yAoaRMYNkjOKGS1e0TzCL5wt0noS0KBLt3HC1Md3cspGcH9Tv\n Xh1w==","X-Gm-Message-State":"AOJu0YxxwWpqjNYV14ZkE7pA5gTzH5Mb9k7Gjw7WfYSq0Wwn6sLvnnLq\n\t5GR/1j60o/XoGgCsRWN0wZkPOqRLykZXymVuzavFPQK7DAnePofrAOi+ovEFje7VCy77skMgAdf\n\tdkSsKrbfqKMiQsvM4g1ZbhmnpX4zjpz75Spo=","X-Gm-Gg":"AeBDiev6tgn8JZFYb+kbuh8bKd29hfC7ng55raXu1pHyU2bvoD+0nqFHQdShurHfh92\n\tyPQUbLsKLpJStppciYAgKCxh0HAHEmS6DaiBAD7QFRIpUtbhgWZM+3gt7C+AYUs5UUgCko/Vlzp\n\t1qhSgbQieQD5JtLLAyZ9Pp8XQjRCxcIvE5PkyhOQai6hq49J3N3zkjnb5SVYo5MaQRfbVippEH9\n\tCzh5LRb8nq+rZTj05t/vF6SR96R8XF+RDs/7QWJzIn44yLbIiTYmibwQzb/nFVCuOiT9dRS+7LC\n\ttZCK6T8itaEMB3ccmsLozMWHG9vl+s7S33JJ7xcIQWUie8C5","X-Received":"by 2002:a05:6122:d95:b0:56c:db9e:7d04 with SMTP id\n 71dfb90a1353d-56fa59b54cfmr13938953e0c.10.1776943804949; Thu, 23 Apr 2026\n 04:30:04 -0700 (PDT)","Precedence":"bulk","X-Mailing-List":"netfilter-devel@vger.kernel.org","List-Id":"","List-Subscribe":"","List-Unsubscribe":"","MIME-Version":"1.0","From":"Ramesh Adhikari ","Date":"Thu, 23 Apr 2026 16:59:52 +0530","X-Gm-Features":"AQROBzBgelQotVXV1c8ciDn0tPpiuCL74qxlCARfkOd-_4vqr4e8nowfr2krRa0","Message-ID":"\n ","Subject":"[PATCH 0/1] netfilter: nfnetlink_queue: fix missing padding in\n NFQA_PAYLOAD attribute","To":"netfilter-devel@vger.kernel.org","Cc":"pablo@netfilter.org","Content-Type":"text/plain; charset=\"UTF-8\""},"content":"Hi Netfilter developers,\n\nI found a netlink attribute construction bug in nfnetlink_queue similar\nto the one recently fixed in nfnetlink_log (commit 52025ebaa29).\n\nISSUE:\nIn net/netfilter/nfnetlink_queue.c lines 894-899, the NFQA_PAYLOAD\nattribute is manually constructed without allocating padding bytes:\n\n nla = skb_put(skb, sizeof(*nla));\n nla->nla_type = NFQA_PAYLOAD;\n nla->nla_len = nla_attr_size(data_len);\n if (skb_zerocopy(skb, entskb, data_len, hlen))\n goto nla_put_failure;\n\nThis allocates only (4 + data_len) bytes. For data_len=5, this is 9 bytes.\n\nHowever, nla_next() expects padding:\n totlen = NLA_ALIGN(nla->nla_len); // NLA_ALIGN(9) = 12\n\nThe netlink message is 3 bytes short of what the parser expects.\n\nPROOF:\nWith copy_range=5, captured netlink messages are 73 bytes (should be 76).\nThe message ends immediately after the 5th data byte with no padding.\n\nFIX:\nReplace manual construction with __nla_reserve(), like all other\nattributes in the file:\n\n nla = __nla_reserve(skb, NFQA_PAYLOAD, data_len);\n if (!nla)\n goto nla_put_failure;\n if (skb_zerocopy(skb, entskb, data_len, hlen))\n goto nla_put_failure;\n\nIMPACT:\nCorrectness issue - violates netlink protocol. Could cause userspace\nparsers to misparse or crash if they don't check message boundaries.\n\nI can submit a formal patch if needed.\n\nBest regards,\nRamesh Adhikari\nSecurity Researcher\nhttps://iotsec.in"}