diff options
| author | Patrick McHardy <kaber@trash.net> | 2006-05-01 23:12:22 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-05-01 23:48:32 -0400 |
| commit | 46c5ea3c9ae7fbc6e52a13c92e59d4fc7f4ca80a (patch) | |
| tree | 4ab2c54a0b0d9621ed42c032cc67d93638c8681c /include | |
| parent | 9817d207dc13e3a9fc0287bbd36bdfa3cffe5ed4 (diff) | |
[NETFILTER] x_tables: fix compat related crash on non-x86
When iptables userspace adds an ipt_standard_target, it calculates the size
of the entire entry as:
sizeof(struct ipt_entry) + XT_ALIGN(sizeof(struct ipt_standard_target))
ipt_standard_target looks like this:
struct xt_standard_target
{
struct xt_entry_target target;
int verdict;
};
xt_entry_target contains a pointer, so when compiled for 64 bit the
structure gets an extra 4 byte of padding at the end. On 32 bit
architectures where iptables aligns to 8 byte it will also have 4
byte padding at the end because it is only 36 bytes large.
The compat_ipt_standard_fn in the kernel adjusts the offsets by
sizeof(struct ipt_standard_target) - sizeof(struct compat_ipt_standard_target),
which will always result in 4, even if the structure from userspace
was already padded to a multiple of 8. On x86 this works out by
accident because userspace only aligns to 4, on all other
architectures this is broken and causes incorrect adjustments to
the size and following offsets.
Thanks to Linus for lots of debugging help and testing.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/netfilter/x_tables.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index 38701454e197..48cc32d83f77 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h | |||
| @@ -337,6 +337,10 @@ struct compat_xt_entry_match | |||
| 337 | char name[XT_FUNCTION_MAXNAMELEN - 1]; | 337 | char name[XT_FUNCTION_MAXNAMELEN - 1]; |
| 338 | u_int8_t revision; | 338 | u_int8_t revision; |
| 339 | } user; | 339 | } user; |
| 340 | struct { | ||
| 341 | u_int16_t match_size; | ||
| 342 | compat_uptr_t match; | ||
| 343 | } kernel; | ||
| 340 | u_int16_t match_size; | 344 | u_int16_t match_size; |
| 341 | } u; | 345 | } u; |
| 342 | unsigned char data[0]; | 346 | unsigned char data[0]; |
| @@ -350,6 +354,10 @@ struct compat_xt_entry_target | |||
| 350 | char name[XT_FUNCTION_MAXNAMELEN - 1]; | 354 | char name[XT_FUNCTION_MAXNAMELEN - 1]; |
| 351 | u_int8_t revision; | 355 | u_int8_t revision; |
| 352 | } user; | 356 | } user; |
| 357 | struct { | ||
| 358 | u_int16_t target_size; | ||
| 359 | compat_uptr_t target; | ||
| 360 | } kernel; | ||
| 353 | u_int16_t target_size; | 361 | u_int16_t target_size; |
| 354 | } u; | 362 | } u; |
| 355 | unsigned char data[0]; | 363 | unsigned char data[0]; |