[libnetfilter_conntrack] helper: fix missing copy function for helper name
Pablo Neira
netfilter-cvslog-bounces at lists.netfilter.org
Sun Nov 23 15:38:15 CET 2008
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_conntrack.git;a=commit;h=972e6b3c19f3c79b59804308efac447bd2d016ec
commit 972e6b3c19f3c79b59804308efac447bd2d016ec
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sun Nov 23 15:31:29 2008 +0100
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sun Nov 23 15:31:29 2008 +0100
helper: fix missing copy function for helper name
This patch fixes a NULL dereference to a function pointer in
nfct_copy() that is triggered when you try to copy the helper
name. This patch also adds an assertion to easily report similar
problems in the future.
Thanks to <pageexec at freemail.hu> for his detailed debugging report.
Reported-by: Wolfram Schlich <lists at wolfram.schlich.org>
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit 0f94ee526d87d0e02a742dc22af959e873ce22e2
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sun Nov 23 15:24:13 2008 +0100
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sun Nov 23 15:24:13 2008 +0100
qa: add test file to check for missing indirect function calls
This patch adds a rudimentary test file to check for possible unset
indirect function calls. This automated test should be run after
adding a new attribute.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit 87a0dfec43336ed957a414a1cb5e02239e04a9b8
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sun Nov 23 15:21:05 2008 +0100
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sun Nov 23 15:21:05 2008 +0100
src: set specific array size for the API
This patch adds the size of the arrays to set to NULL unset
elements. This helps to spot unset functions for new attributes.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
via 972e6b3c19f3c79b59804308efac447bd2d016ec (commit)
via 0f94ee526d87d0e02a742dc22af959e873ce22e2 (commit)
via 87a0dfec43336ed957a414a1cb5e02239e04a9b8 (commit)
from 82c9c883859979ac7dc01dcb8d1870117e865ebe (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 972e6b3c19f3c79b59804308efac447bd2d016ec
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Sun Nov 23 15:31:29 2008 +0100
helper: fix missing copy function for helper name
This patch fixes a NULL dereference to a function pointer in
nfct_copy() that is triggered when you try to copy the helper
name. This patch also adds an assertion to easily report similar
problems in the future.
Thanks to <pageexec at freemail.hu> for his detailed debugging report.
Reported-by: Wolfram Schlich <lists at wolfram.schlich.org>
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit 0f94ee526d87d0e02a742dc22af959e873ce22e2
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Sun Nov 23 15:24:13 2008 +0100
qa: add test file to check for missing indirect function calls
This patch adds a rudimentary test file to check for possible unset
indirect function calls. This automated test should be run after
adding a new attribute.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit 87a0dfec43336ed957a414a1cb5e02239e04a9b8
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Sun Nov 23 15:21:05 2008 +0100
src: set specific array size for the API
This patch adds the size of the arrays to set to NULL unset
elements. This helps to spot unset functions for new attributes.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
-----------------------------------------------------------------------
Makefile.am | 2 +-
configure.in | 2 +-
qa/Makefile.am | 7 +++
qa/test_api.c | 102 ++++++++++++++++++++++++++++++++++++++++++++
src/conntrack/api.c | 5 ++
src/conntrack/copy.c | 10 ++++-
src/conntrack/filter.c | 2 +-
src/conntrack/getter.c | 2 +-
src/conntrack/grp_getter.c | 2 +-
src/conntrack/grp_setter.c | 2 +-
src/conntrack/objopt.c | 4 +-
src/conntrack/setter.c | 2 +-
12 files changed, 132 insertions(+), 10 deletions(-)
create mode 100644 qa/Makefile.am
create mode 100644 qa/test_api.c
This patch adds the size of the arrays to set to NULL unset
elements. This helps to spot unset functions for new attributes.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
diff --git a/src/conntrack/copy.c b/src/conntrack/copy.c
index 92866fb..45633f2 100644
--- a/src/conntrack/copy.c
+++ b/src/conntrack/copy.c
@@ -370,7 +370,7 @@ static void copy_attr_repl_off_aft(struct nf_conntrack *dest,
orig->tuple[__DIR_REPL].natseq.offset_after;
}
-copy_attr copy_attr_array[] = {
+copy_attr copy_attr_array[ATTR_MAX] = {
[ATTR_ORIG_IPV4_SRC] = copy_attr_orig_ipv4_src,
[ATTR_ORIG_IPV4_DST] = copy_attr_orig_ipv4_dst,
[ATTR_REPL_IPV4_SRC] = copy_attr_repl_ipv4_src,
diff --git a/src/conntrack/filter.c b/src/conntrack/filter.c
index 952cbba..7966e54 100644
--- a/src/conntrack/filter.c
+++ b/src/conntrack/filter.c
@@ -38,7 +38,7 @@ static void filter_attr_dst_ipv4(struct nfct_filter *filter, const void *value)
filter->l3proto_elems[1]++;
}
-filter_attr filter_attr_array[] = {
+filter_attr filter_attr_array[NFCT_FILTER_MAX] = {
[NFCT_FILTER_L4PROTO] = filter_attr_l4proto,
[NFCT_FILTER_L4PROTO_STATE] = filter_attr_l4proto_state,
[NFCT_FILTER_SRC_IPV4] = filter_attr_src_ipv4,
diff --git a/src/conntrack/getter.c b/src/conntrack/getter.c
index 658d010..65661d4 100644
--- a/src/conntrack/getter.c
+++ b/src/conntrack/getter.c
@@ -287,7 +287,7 @@ static const void *get_attr_helper_name(const struct nf_conntrack *ct)
return ct->helper_name;
}
-get_attr get_attr_array[] = {
+get_attr get_attr_array[ATTR_MAX] = {
[ATTR_ORIG_IPV4_SRC] = get_attr_orig_ipv4_src,
[ATTR_ORIG_IPV4_DST] = get_attr_orig_ipv4_dst,
[ATTR_REPL_IPV4_SRC] = get_attr_repl_ipv4_src,
diff --git a/src/conntrack/grp_getter.c b/src/conntrack/grp_getter.c
index adfd903..60e0b7e 100644
--- a/src/conntrack/grp_getter.c
+++ b/src/conntrack/grp_getter.c
@@ -92,7 +92,7 @@ static void get_attr_grp_repl_ctrs(const struct nf_conntrack *ct, void *data)
this->bytes = ct->counters[__DIR_REPL].bytes;
}
-get_attr_grp get_attr_grp_array[] = {
+get_attr_grp get_attr_grp_array[ATTR_GRP_MAX] = {
[ATTR_GRP_ORIG_IPV4] = get_attr_grp_orig_ipv4,
[ATTR_GRP_REPL_IPV4] = get_attr_grp_repl_ipv4,
[ATTR_GRP_ORIG_IPV6] = get_attr_grp_orig_ipv6,
diff --git a/src/conntrack/grp_setter.c b/src/conntrack/grp_setter.c
index 16f0a10..99ae4f8 100644
--- a/src/conntrack/grp_setter.c
+++ b/src/conntrack/grp_setter.c
@@ -140,7 +140,7 @@ static void set_attr_grp_do_nothing(struct nf_conntrack *ct, const void *value)
{
}
-set_attr_grp set_attr_grp_array[] = {
+set_attr_grp set_attr_grp_array[ATTR_GRP_MAX] = {
[ATTR_GRP_ORIG_IPV4] = set_attr_grp_orig_ipv4,
[ATTR_GRP_REPL_IPV4] = set_attr_grp_repl_ipv4,
[ATTR_GRP_ORIG_IPV6] = set_attr_grp_orig_ipv6,
diff --git a/src/conntrack/objopt.c b/src/conntrack/objopt.c
index 682cba1..d678f2d 100644
--- a/src/conntrack/objopt.c
+++ b/src/conntrack/objopt.c
@@ -72,7 +72,7 @@ static void setobjopt_setup_repl(struct nf_conntrack *ct)
__autocomplete(ct, __DIR_REPL);
}
-setobjopt setobjopt_array[] = {
+setobjopt setobjopt_array[__NFCT_SOPT_MAX] = {
[NFCT_SOPT_UNDO_SNAT] = setobjopt_undo_snat,
[NFCT_SOPT_UNDO_DNAT] = setobjopt_undo_dnat,
[NFCT_SOPT_UNDO_SPAT] = setobjopt_undo_spat,
@@ -122,7 +122,7 @@ static int getobjopt_is_dpat(const struct nf_conntrack *ct)
ct->tuple[__DIR_ORIG].l4dst.tcp.port);
}
-getobjopt getobjopt_array[] = {
+getobjopt getobjopt_array[__NFCT_GOPT_MAX] = {
[NFCT_GOPT_IS_SNAT] = getobjopt_is_snat,
[NFCT_GOPT_IS_DNAT] = getobjopt_is_dnat,
[NFCT_GOPT_IS_SPAT] = getobjopt_is_spat,
diff --git a/src/conntrack/setter.c b/src/conntrack/setter.c
index 3291bd1..6e275ab 100644
--- a/src/conntrack/setter.c
+++ b/src/conntrack/setter.c
@@ -316,7 +316,7 @@ static void set_attr_helper_name(struct nf_conntrack *ct, const void *value)
static void set_attr_do_nothing(struct nf_conntrack *ct, const void *value) {}
-set_attr set_attr_array[] = {
+set_attr set_attr_array[ATTR_MAX] = {
[ATTR_ORIG_IPV4_SRC] = set_attr_orig_ipv4_src,
[ATTR_ORIG_IPV4_DST] = set_attr_orig_ipv4_dst,
[ATTR_REPL_IPV4_SRC] = set_attr_repl_ipv4_src,
More information about the netfilter-cvslog
mailing list