proxmox-mirrors/mirror_iproute2
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_iproute2 synced 2025-10-06 18:19:03 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix print_ipt: segfault if more then one filter with action -j MARK.

Browse Source 
BUG: tc filter show ... produce a segmentation fault if more than one
filter rule with action -j MARK exists.

Reason: In print_ipt(...) xtables will be initialzed with a
pointer to the static struct tcipt_globals at xtables_init_all().
Later on the fields .opts and .options_offset of tcipt_globals are
modified. The call of xtables_free_opts(1) at the end of print(...)
does not restore the original values of tcipt_globals for the
modified fields. It only frees some allocated memory and sets
.opts to NULL. This leads to a segmentation fault when print_ipt()
is called for the next filter rule with action -j MARK.

Fix: Cloneing tcipt_globals on the stack as tmp_tcipt_globals and
use it instead of tcipt_globals, so tcipt_globals will be not
modified.

Signed-off-by: Andreas Greve <andreas.greve@a-greve.de>
This commit is contained in:
Andreas Greve 2014-05-10 11:19:18 +02:00 committed by Stephen Hemminger
parent 63f60e3ab3
commit 6e2e5ec28b
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
tc/m_xt.c
View File

@ -298,7 +298,10 @@ print_ipt(struct action_util *au,FILE * f, struct rtattr *arg)
if (arg == NULL) if (arg == NULL)
return -1; return -1;
xtables_init_all(&tcipt_globals, NFPROTO_IPV4); /* copy tcipt_globals because .opts will be modified by iptables */
struct xtables_globals tmp_tcipt_globals = tcipt_globals;
xtables_init_all(&tmp_tcipt_globals, NFPROTO_IPV4);
set_lib_dir(); set_lib_dir();
parse_rtattr_nested(tb, TCA_IPT_MAX, arg); parse_rtattr_nested(tb, TCA_IPT_MAX, arg);
@ -333,12 +336,12 @@ print_ipt(struct action_util *au,FILE * f, struct rtattr *arg)
} }
#if (XTABLES_VERSION_CODE >= 6) #if (XTABLES_VERSION_CODE >= 6)
opts = xtables_options_xfrm(tcipt_globals.orig_opts, opts = xtables_options_xfrm(tmp_tcipt_globals.orig_opts,
tcipt_globals.opts, tmp_tcipt_globals.opts,
m->x6_options, m->x6_options,
&m->option_offset); &m->option_offset);
#else #else
opts = xtables_merge_options(tcipt_globals.opts, opts = xtables_merge_options(tmp_tcipt_globals.opts,
m->extra_opts, m->extra_opts,
&m->option_offset); &m->option_offset);
#endif #endif
@ -346,7 +349,7 @@ print_ipt(struct action_util *au,FILE * f, struct rtattr *arg)
fprintf(stderr, " failed to find aditional options for target %s\n\n", optarg); fprintf(stderr, " failed to find aditional options for target %s\n\n", optarg);
return -1; return -1;
} else } else
tcipt_globals.opts = opts; tmp_tcipt_globals.opts = opts;
} else { } else {
fprintf(stderr, " failed to find target %s\n\n", fprintf(stderr, " failed to find target %s\n\n",
t->u.user.name); t->u.user.name);