| author | David S. Miller <davem@davemloft.net> | 2012-11-22 15:27:18 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2012-11-22 15:27:18 -0500 |
| commit | 84ec95b047d2d02552f07c06d9d6da8b61532090 (patch) | |
| tree | 3fc7861a6a2d1ad22722bb905bd3731623463f0f | |
| parent | 5e7873d1450e1809b017b943417530db3955ac5f (diff) | |
| parent | e93b5f9f320db431ec8623a4c667811007e07fd7 (diff) | |
Merge branch 'master' of git://1984.lsi.us.es/nf
Pablo Neira Ayuso says:
====================
The following patchset contains two Netfilter fixes:
* Fix buffer overflow in the name of the timeout policy object
in the cttimeout infrastructure, from Florian Westphal.
* Fix a bug in the hash sets when IP ranges are
specified, from Jozsef Kadlecsik.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_ip.c | 4 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipport.c | 7 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipportip.c | 7 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipportnet.c | 7 | ||||
| -rw-r--r-- | net/netfilter/nfnetlink_cttimeout.c | 3 |
5 files changed, 15 insertions, 13 deletions
diff --git a/net/netfilter/ipset/ip_set_hash_ip.c b/net/netfilter/ipset/ip_set_hash_ip.c index ec3dba5dcd62..5c0b78528e55 100644 --- a/net/netfilter/ipset/ip_set_hash_ip.c +++ b/net/netfilter/ipset/ip_set_hash_ip.c | |||
| @@ -173,6 +173,7 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
| 173 | return adtfn(set, &nip, timeout, flags); | 173 | return adtfn(set, &nip, timeout, flags); |
| 174 | } | 174 | } |
| 175 | 175 | ||
| 176 | ip_to = ip; | ||
| 176 | if (tb[IPSET_ATTR_IP_TO]) { | 177 | if (tb[IPSET_ATTR_IP_TO]) { |
| 177 | ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to); | 178 | ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to); |
| 178 | if (ret) | 179 | if (ret) |
| @@ -185,8 +186,7 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
| 185 | if (!cidr || cidr > 32) | 186 | if (!cidr || cidr > 32) |
| 186 | return -IPSET_ERR_INVALID_CIDR; | 187 | return -IPSET_ERR_INVALID_CIDR; |
| 187 | ip_set_mask_from_to(ip, ip_to, cidr); | 188 | ip_set_mask_from_to(ip, ip_to, cidr); |
| 188 | } else | 189 | } |
| 189 | ip_to = ip; | ||
| 190 | 190 | ||
| 191 | hosts = h->netmask == 32 ? 1 : 2 << (32 - h->netmask - 1); | 191 | hosts = h->netmask == 32 ? 1 : 2 << (32 - h->netmask - 1); |
| 192 | 192 | ||
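Review bot: The hoisted `ip_to = ip;` ahead of the IPSET_ATTR_IP_TO test (new line 176) deserves a one-line comment, because a reader of the CIDR branch below sees `ip_set_mask_from_to(ip, ip_to, cidr)` overwrite ip_to anyway and may wonder why it was seeded; suggest `/* Default to a single address; IP_TO or CIDR below widens the range. */` above it. With the seed in place the old `} else ip_to = ip;` tail is correctly dropped, and the early `return ret;` after ip_set_get_hostipaddr4() leaves nothing half-initialised. The `hosts` computation at line 191 is unchanged context, but note it shifts a signed constant by `32 - h->netmask - 1`, which is only well-defined if h->netmask was validated to 1..32 at set-creation time, outside this hunk. hash_ip4_uadt's body starts before and continues after the hunk.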
diff --git a/net/netfilter/ipset/ip_set_hash_ipport.c b/net/netfilter/ipset/ip_set_hash_ipport.c index 0171f7502fa5..6283351f4eeb 100644 --- a/net/netfilter/ipset/ip_set_hash_ipport.c +++ b/net/netfilter/ipset/ip_set_hash_ipport.c | |||
| @@ -162,7 +162,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
| 162 | const struct ip_set_hash *h = set->data; | 162 | const struct ip_set_hash *h = set->data; |
| 163 | ipset_adtfn adtfn = set->variant->adt[adt]; | 163 | ipset_adtfn adtfn = set->variant->adt[adt]; |
| 164 | struct hash_ipport4_elem data = { }; | 164 | struct hash_ipport4_elem data = { }; |
| 165 | u32 ip, ip_to = 0, p = 0, port, port_to; | 165 | u32 ip, ip_to, p = 0, port, port_to; |
| 166 | u32 timeout = h->timeout; | 166 | u32 timeout = h->timeout; |
| 167 | bool with_ports = false; | 167 | bool with_ports = false; |
| 168 | int ret; | 168 | int ret; |
| @@ -210,7 +210,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
| 210 | return ip_set_eexist(ret, flags) ? 0 : ret; | 210 | return ip_set_eexist(ret, flags) ? 0 : ret; |
| 211 | } | 211 | } |
| 212 | 212 | ||
| 213 | ip = ntohl(data.ip); | 213 | ip_to = ip = ntohl(data.ip); |
| 214 | if (tb[IPSET_ATTR_IP_TO]) { | 214 | if (tb[IPSET_ATTR_IP_TO]) { |
| 215 | ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to); | 215 | ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to); |
| 216 | if (ret) | 216 | if (ret) |
| @@ -223,8 +223,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
| 223 | if (!cidr || cidr > 32) | 223 | if (!cidr || cidr > 32) |
| 224 | return -IPSET_ERR_INVALID_CIDR; | 224 | return -IPSET_ERR_INVALID_CIDR; |
| 225 | ip_set_mask_from_to(ip, ip_to, cidr); | 225 | ip_set_mask_from_to(ip, ip_to, cidr); |
| 226 | } else | 226 | } |
| 227 | ip_to = ip; | ||
| 228 | 227 | ||
| 229 | port_to = port = ntohs(data.port); | 228 | port_to = port = ntohs(data.port); |
| 230 | if (with_ports && tb[IPSET_ATTR_PORT_TO]) { | 229 | if (with_ports && tb[IPSET_ATTR_PORT_TO]) { |
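Review bot: Dropping the `= 0` initialiser from `ip_to` at line 165 means it is first written by `ip_to = ip = ntohl(data.ip);` at new line 213; the roughly 45 lines between, including the single-element fast path that returns at line 210, are outside this hunk, so any read of ip_to there would now be an uninitialised read. Presumably there is none, but it is worth a grep or a build with -Wmaybe-uninitialized before relying on it. The chained form matches `port_to = port = ntohs(data.port);` at line 228, which keeps the two range defaults visibly parallel. A short comment above the new line, `/* Single address unless IP_TO or CIDR below widens the range. */`, would make the seed's purpose obvious. hash_ipport4_uadt continues beyond the hunk.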
diff --git a/net/netfilter/ipset/ip_set_hash_ipportip.c b/net/netfilter/ipset/ip_set_hash_ipportip.c index 6344ef551ec8..6a21271c8d5a 100644 --- a/net/netfilter/ipset/ip_set_hash_ipportip.c +++ b/net/netfilter/ipset/ip_set_hash_ipportip.c | |||
| @@ -166,7 +166,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
| 166 | const struct ip_set_hash *h = set->data; | 166 | const struct ip_set_hash *h = set->data; |
| 167 | ipset_adtfn adtfn = set->variant->adt[adt]; | 167 | ipset_adtfn adtfn = set->variant->adt[adt]; |
| 168 | struct hash_ipportip4_elem data = { }; | 168 | struct hash_ipportip4_elem data = { }; |
| 169 | u32 ip, ip_to = 0, p = 0, port, port_to; | 169 | u32 ip, ip_to, p = 0, port, port_to; |
| 170 | u32 timeout = h->timeout; | 170 | u32 timeout = h->timeout; |
| 171 | bool with_ports = false; | 171 | bool with_ports = false; |
| 172 | int ret; | 172 | int ret; |
| @@ -218,7 +218,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
| 218 | return ip_set_eexist(ret, flags) ? 0 : ret; | 218 | return ip_set_eexist(ret, flags) ? 0 : ret; |
| 219 | } | 219 | } |
| 220 | 220 | ||
| 221 | ip = ntohl(data.ip); | 221 | ip_to = ip = ntohl(data.ip); |
| 222 | if (tb[IPSET_ATTR_IP_TO]) { | 222 | if (tb[IPSET_ATTR_IP_TO]) { |
| 223 | ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to); | 223 | ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to); |
| 224 | if (ret) | 224 | if (ret) |
| @@ -231,8 +231,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
| 231 | if (!cidr || cidr > 32) | 231 | if (!cidr || cidr > 32) |
| 232 | return -IPSET_ERR_INVALID_CIDR; | 232 | return -IPSET_ERR_INVALID_CIDR; |
| 233 | ip_set_mask_from_to(ip, ip_to, cidr); | 233 | ip_set_mask_from_to(ip, ip_to, cidr); |
| 234 | } else | 234 | } |
| 235 | ip_to = ip; | ||
| 236 | 235 | ||
| 237 | port_to = port = ntohs(data.port); | 236 | port_to = port = ntohs(data.port); |
| 238 | if (with_ports && tb[IPSET_ATTR_PORT_TO]) { | 237 | if (with_ports && tb[IPSET_ATTR_PORT_TO]) { |
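Review bot: As in the sibling hash types, `ip_to` loses its `= 0` initialiser at line 169 and is now first assigned by `ip_to = ip = ntohl(data.ip);` at new line 221; whether anything between the declaration and that line reads it cannot be seen from this hunk, so please confirm the fast path that returns at line 218 never touches ip_to. In the CIDR branch `ip_set_mask_from_to(ip, ip_to, cidr)` recomputes both ends, so the seed only matters when neither IP_TO nor CIDR is supplied; a comment such as `/* ip_to == ip unless IP_TO or CIDR below widens the range */` would record that. hash_ipportip4_uadt's body begins before and continues after this hunk.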
diff --git a/net/netfilter/ipset/ip_set_hash_ipportnet.c b/net/netfilter/ipset/ip_set_hash_ipportnet.c index cb71f9a774e7..2d5cd4ee30eb 100644 --- a/net/netfilter/ipset/ip_set_hash_ipportnet.c +++ b/net/netfilter/ipset/ip_set_hash_ipportnet.c | |||
| @@ -215,8 +215,8 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
| 215 | const struct ip_set_hash *h = set->data; | 215 | const struct ip_set_hash *h = set->data; |
| 216 | ipset_adtfn adtfn = set->variant->adt[adt]; | 216 | ipset_adtfn adtfn = set->variant->adt[adt]; |
| 217 | struct hash_ipportnet4_elem data = { .cidr = HOST_MASK - 1 }; | 217 | struct hash_ipportnet4_elem data = { .cidr = HOST_MASK - 1 }; |
| 218 | u32 ip, ip_to = 0, p = 0, port, port_to; | 218 | u32 ip, ip_to, p = 0, port, port_to; |
| 219 | u32 ip2_from = 0, ip2_to, ip2_last, ip2; | 219 | u32 ip2_from, ip2_to, ip2_last, ip2; |
| 220 | u32 timeout = h->timeout; | 220 | u32 timeout = h->timeout; |
| 221 | bool with_ports = false; | 221 | bool with_ports = false; |
| 222 | u8 cidr; | 222 | u8 cidr; |
| @@ -286,6 +286,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
| 286 | return ip_set_eexist(ret, flags) ? 0 : ret; | 286 | return ip_set_eexist(ret, flags) ? 0 : ret; |
| 287 | } | 287 | } |
| 288 | 288 | ||
| 289 | ip_to = ip; | ||
| 289 | if (tb[IPSET_ATTR_IP_TO]) { | 290 | if (tb[IPSET_ATTR_IP_TO]) { |
| 290 | ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to); | 291 | ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to); |
| 291 | if (ret) | 292 | if (ret) |
| @@ -306,6 +307,8 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
| 306 | if (port > port_to) | 307 | if (port > port_to) |
| 307 | swap(port, port_to); | 308 | swap(port, port_to); |
| 308 | } | 309 | } |
| 310 | |||
| 311 | ip2_to = ip2_from; | ||
| 309 | if (tb[IPSET_ATTR_IP2_TO]) { | 312 | if (tb[IPSET_ATTR_IP2_TO]) { |
| 310 | ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP2_TO], &ip2_to); | 313 | ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP2_TO], &ip2_to); |
| 311 | if (ret) | 314 | if (ret) |
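Review bot: The added `ip2_to = ip2_from;` at new line 311 is the actual range fix: without it ip2_to was only written in the IP2_TO and CIDR2 branches, so a plain ip,port,net element left the upper bound of the second-IP range uninitialised for the loop that consumes it below the hunk, and a comment naming that would keep it from being "simplified" away again, e.g. `/* Second IP is a single address unless IP2_TO or CIDR2 below widens it. */`. The declaration change at line 219 also drops the `= 0` from ip2_from, whose assignment (presumably from data.ip2) lies between lines 222 and 286, outside this hunk, so confirm nothing reads it before then. The hunk does not show whether the IP2_TO branch swaps ip2_from/ip2_to when the range is given in reverse order, as the port branch at lines 307-308 does; if it does not, a reversed range would silently add nothing. hash_ipportnet4_uadt extends well past the hunk on both sides.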
diff --git a/net/netfilter/nfnetlink_cttimeout.c b/net/netfilter/nfnetlink_cttimeout.c index 8847b4d8be06..701c88a20fea 100644 --- a/net/netfilter/nfnetlink_cttimeout.c +++ b/net/netfilter/nfnetlink_cttimeout.c | |||
| @@ -41,7 +41,8 @@ MODULE_DESCRIPTION("cttimeout: Extended Netfilter Connection Tracking timeout tu | |||
| 41 | static LIST_HEAD(cttimeout_list); | 41 | static LIST_HEAD(cttimeout_list); |
| 42 | 42 | ||
| 43 | static const struct nla_policy cttimeout_nla_policy[CTA_TIMEOUT_MAX+1] = { | 43 | static const struct nla_policy cttimeout_nla_policy[CTA_TIMEOUT_MAX+1] = { |
| 44 | [CTA_TIMEOUT_NAME] = { .type = NLA_NUL_STRING }, | 44 | [CTA_TIMEOUT_NAME] = { .type = NLA_NUL_STRING, |
| 45 | .len = CTNL_TIMEOUT_NAME_MAX - 1}, | ||
| 45 | [CTA_TIMEOUT_L3PROTO] = { .type = NLA_U16 }, | 46 | [CTA_TIMEOUT_L3PROTO] = { .type = NLA_U16 }, |
| 46 | [CTA_TIMEOUT_L4PROTO] = { .type = NLA_U8 }, | 47 | [CTA_TIMEOUT_L4PROTO] = { .type = NLA_U8 }, |
| 47 | [CTA_TIMEOUT_DATA] = { .type = NLA_NESTED }, | 48 | [CTA_TIMEOUT_DATA] = { .type = NLA_NESTED }, |
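Review bot: Capping CTA_TIMEOUT_NAME with `.len = CTNL_TIMEOUT_NAME_MAX - 1` makes nla_validate() require a NUL within the first CTNL_TIMEOUT_NAME_MAX bytes, which is what now bounds the copy into the fixed-size name field; since that copy site is outside this hunk and the policy is the only thing preventing the overflow, consider also bounding the copy itself with nla_strlcpy() sized by the destination array, so a future policy edit or a caller that bypasses nla_parse() cannot reintroduce the bug. A comment on the policy entry would help too, because for NLA_NUL_STRING the `.len` excludes the terminator and that off-by-one is easy to get wrong: `/* .len excludes the NUL; the name fits in CTNL_TIMEOUT_NAME_MAX bytes */`. This path is reachable over nfnetlink, so the cap is the right fix; the rest of cttimeout_nla_policy and its consumers are unchanged.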
