diff options
| author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2011-04-13 07:45:57 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2011-04-13 07:45:57 -0400 |
| commit | eafbd3fde6fc5ada0d61307367e408813b04928a (patch) | |
| tree | 4a8a2f60317d3f50b5633e47023e4fdcb0d0408d /net | |
| parent | 0e8a835aa59d08d702af0fcfd296e2218b2e344b (diff) | |
netfilter: ipset: set match and SET target fixes
The SET target with --del-set did not work due to using wrongly
the internal dimension of --add-set instead of --del-set.
Also, the checkentries did not release the set references when
returned an error. Bugs reported by Lennert Buytenhek.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/xt_set.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/net/netfilter/xt_set.c b/net/netfilter/xt_set.c index 061d48cec137..b3babaed7719 100644 --- a/net/netfilter/xt_set.c +++ b/net/netfilter/xt_set.c | |||
| @@ -81,6 +81,7 @@ set_match_v0_checkentry(const struct xt_mtchk_param *par) | |||
| 81 | if (info->match_set.u.flags[IPSET_DIM_MAX-1] != 0) { | 81 | if (info->match_set.u.flags[IPSET_DIM_MAX-1] != 0) { |
| 82 | pr_warning("Protocol error: set match dimension " | 82 | pr_warning("Protocol error: set match dimension " |
| 83 | "is over the limit!\n"); | 83 | "is over the limit!\n"); |
| 84 | ip_set_nfnl_put(info->match_set.index); | ||
| 84 | return -ERANGE; | 85 | return -ERANGE; |
| 85 | } | 86 | } |
| 86 | 87 | ||
| @@ -135,6 +136,8 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par) | |||
| 135 | if (index == IPSET_INVALID_ID) { | 136 | if (index == IPSET_INVALID_ID) { |
| 136 | pr_warning("Cannot find del_set index %u as target\n", | 137 | pr_warning("Cannot find del_set index %u as target\n", |
| 137 | info->del_set.index); | 138 | info->del_set.index); |
| 139 | if (info->add_set.index != IPSET_INVALID_ID) | ||
| 140 | ip_set_nfnl_put(info->add_set.index); | ||
| 138 | return -ENOENT; | 141 | return -ENOENT; |
| 139 | } | 142 | } |
| 140 | } | 143 | } |
| @@ -142,6 +145,10 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par) | |||
| 142 | info->del_set.u.flags[IPSET_DIM_MAX-1] != 0) { | 145 | info->del_set.u.flags[IPSET_DIM_MAX-1] != 0) { |
| 143 | pr_warning("Protocol error: SET target dimension " | 146 | pr_warning("Protocol error: SET target dimension " |
| 144 | "is over the limit!\n"); | 147 | "is over the limit!\n"); |
| 148 | if (info->add_set.index != IPSET_INVALID_ID) | ||
| 149 | ip_set_nfnl_put(info->add_set.index); | ||
| 150 | if (info->del_set.index != IPSET_INVALID_ID) | ||
| 151 | ip_set_nfnl_put(info->del_set.index); | ||
| 145 | return -ERANGE; | 152 | return -ERANGE; |
| 146 | } | 153 | } |
| 147 | 154 | ||
| @@ -192,6 +199,7 @@ set_match_checkentry(const struct xt_mtchk_param *par) | |||
| 192 | if (info->match_set.dim > IPSET_DIM_MAX) { | 199 | if (info->match_set.dim > IPSET_DIM_MAX) { |
| 193 | pr_warning("Protocol error: set match dimension " | 200 | pr_warning("Protocol error: set match dimension " |
| 194 | "is over the limit!\n"); | 201 | "is over the limit!\n"); |
| 202 | ip_set_nfnl_put(info->match_set.index); | ||
| 195 | return -ERANGE; | 203 | return -ERANGE; |
| 196 | } | 204 | } |
| 197 | 205 | ||
| @@ -219,7 +227,7 @@ set_target(struct sk_buff *skb, const struct xt_action_param *par) | |||
| 219 | if (info->del_set.index != IPSET_INVALID_ID) | 227 | if (info->del_set.index != IPSET_INVALID_ID) |
| 220 | ip_set_del(info->del_set.index, | 228 | ip_set_del(info->del_set.index, |
| 221 | skb, par->family, | 229 | skb, par->family, |
| 222 | info->add_set.dim, | 230 | info->del_set.dim, |
| 223 | info->del_set.flags); | 231 | info->del_set.flags); |
| 224 | 232 | ||
| 225 | return XT_CONTINUE; | 233 | return XT_CONTINUE; |
| @@ -245,13 +253,19 @@ set_target_checkentry(const struct xt_tgchk_param *par) | |||
| 245 | if (index == IPSET_INVALID_ID) { | 253 | if (index == IPSET_INVALID_ID) { |
| 246 | pr_warning("Cannot find del_set index %u as target\n", | 254 | pr_warning("Cannot find del_set index %u as target\n", |
| 247 | info->del_set.index); | 255 | info->del_set.index); |
| 256 | if (info->add_set.index != IPSET_INVALID_ID) | ||
| 257 | ip_set_nfnl_put(info->add_set.index); | ||
| 248 | return -ENOENT; | 258 | return -ENOENT; |
| 249 | } | 259 | } |
| 250 | } | 260 | } |
| 251 | if (info->add_set.dim > IPSET_DIM_MAX || | 261 | if (info->add_set.dim > IPSET_DIM_MAX || |
| 252 | info->del_set.flags > IPSET_DIM_MAX) { | 262 | info->del_set.dim > IPSET_DIM_MAX) { |
| 253 | pr_warning("Protocol error: SET target dimension " | 263 | pr_warning("Protocol error: SET target dimension " |
| 254 | "is over the limit!\n"); | 264 | "is over the limit!\n"); |
| 265 | if (info->add_set.index != IPSET_INVALID_ID) | ||
| 266 | ip_set_nfnl_put(info->add_set.index); | ||
| 267 | if (info->del_set.index != IPSET_INVALID_ID) | ||
| 268 | ip_set_nfnl_put(info->del_set.index); | ||
| 255 | return -ERANGE; | 269 | return -ERANGE; |
| 256 | } | 270 | } |
| 257 | 271 | ||