[conntrack-tools] build: add attribute header size to total attribute length

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Tue Nov 25 01:57:09 CET 2008


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=6262a4a7b7139fb5636228cb0f5a1e72f848d871
commit 6262a4a7b7139fb5636228cb0f5a1e72f848d871
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Tue Nov 25 01:56:47 2008 +0100
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Tue Nov 25 01:56:47 2008 +0100

    build: add attribute header size to total attribute length
    
    This patch adds the size of the attribute header (4 bytes) to the
    length field of netattr. This fixes a possible invalid memory
    access in malformed messages.
    
    This change is included in the set of scheduled changes for 0.9.9
    that break backward compatibility.
    
    This patch also replaces the 4096-byte memset with one that initializes
    only the headers and the netattr paddings.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  6262a4a7b7139fb5636228cb0f5a1e72f848d871 (commit)
      from  40efc1ebb15be022453f8c820c31099a8a0ebebd (commit)


- Log -----------------------------------------------------------------
commit 6262a4a7b7139fb5636228cb0f5a1e72f848d871
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Tue Nov 25 01:56:47 2008 +0100

    build: add attribute header size to total attribute length
    
    This patch adds the size of the attribute header (4 bytes) to the
    length field of netattr. This fixes a possible invalid memory
    access in malformed messages.
    
    This change is included in the set of scheduled changes for 0.9.9
    that break backward compatibility.
    
    This patch also replaces the 4096-byte memset with one that initializes
    only the headers and the netattr paddings.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 include/network.h |    6 +++---
 src/build.c       |    7 +++++--
 2 files changed, 8 insertions(+), 5 deletions(-)
This patch adds the size of the attribute header (4 bytes) to the
length field of netattr. This fixes a possible invalid memory
access in malformed messages.

This change is included in the set of scheduled changes for 0.9.9
that break backward compatibility.

This patch also replaces the 4096-byte memset with one that initializes
only the headers and the netattr paddings.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/include/network.h b/include/network.h
index 2487c81..f24fb5f 100644
--- a/include/network.h
+++ b/include/network.h
@@ -49,7 +49,7 @@ enum {
 #define BUILD_NETMSG(ct, query)					\
 ({								\
 	char __net[4096];					\
-	memset(__net, 0, sizeof(__net));			\
+	memset(__net, 0, NETHDR_SIZ + NETPLD_SIZ);		\
 	build_netmsg(ct, query, (struct nethdr *) __net);	\
 	(struct nethdr *) __net;				\
 })
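Review bot: The narrowed memset on the `+` line leaves everything in `__net` past `NETHDR_SIZ + NETPLD_SIZ` uninitialized, so the macro now relies on every attribute writer zeroing its own alignment padding (as `put_header()` in src/build.c does in this commit) to keep stack bytes out of the message; that contract is not stated anywhere in the macro. Suggest a comment above the memset: `/* only the headers are zeroed; put_header() clears each attribute's padding */`. Whether `NETHDR_SIZ + NETPLD_SIZ` covers the whole header area that `build_netmsg()` writes is not visible in this hunk.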
@@ -170,8 +170,8 @@ struct netattr {
 
 #define NTA_NEXT(x, len)						      \
 (									      \
-	len -= NTA_ALIGN(NTA_LENGTH(x->nta_len)),			      \
-	(struct netattr *)(((char *)x) + NTA_ALIGN(NTA_LENGTH(x->nta_len)))   \
+	len -= NTA_ALIGN(x->nta_len),					      \
+	(struct netattr *)(((char *)x) + NTA_ALIGN(x->nta_len))		      \
 )
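Review bot: `NTA_NEXT` still advances by the wire-supplied `x->nta_len` with no lower or upper bound, so a zero `nta_len` never moves the walk forward and a value larger than the remaining `len` drives `len` past zero (wrapping if it is unsigned); the fix for malformed messages described in the commit message therefore depends on the caller validating both before each step. A check such as `if (x->nta_len < NTA_LENGTH(0) || NTA_ALIGN(x->nta_len) > len) goto invalid;` in the parser loop would close that, assuming `NTA_LENGTH(0)` is the 4-byte header size the commit message mentions; alternatively, a comment on the macro stating that `nta_len` must already be validated and byte-swapped by the caller, since `put_header()` stores it with `htons()`. The parser that walks attributes with this macro is outside this hunk.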
 
 #define NTA_ALIGNTO	4
diff --git a/src/build.c b/src/build.c
index 5143048..c776de8 100644
--- a/src/build.c
+++ b/src/build.c
@@ -24,9 +24,12 @@ static inline void *
 put_header(struct netpld *pld, int attr, size_t len)
 {
 	struct netattr *nta = PLD_TAIL(pld);
-	pld->len += NTA_ALIGN(NTA_LENGTH(len));
+	int total_size = NTA_ALIGN(NTA_LENGTH(len));
+	int attr_size = NTA_LENGTH(len);
+	pld->len += total_size;
 	nta->nta_attr = htons(attr);
-	nta->nta_len = htons(len);
+	nta->nta_len = htons(attr_size);
+	memset((unsigned char *)nta + attr_size, 0, total_size - attr_size);
 	return NTA_DATA(nta);
 }
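Review bot: `total_size` and `attr_size` are declared `int` although `len` is `size_t` and both feed `pld->len` and `htons()`, so a `len` above 65535 is silently truncated in `nta_len` while `pld->len` still advances by the full amount, leaving an attribute length that no longer matches the bytes consumed; nothing in the hunk bounds `len` against the remaining room in the 4096-byte buffer that `BUILD_NETMSG` allocates either. Declare them `size_t total_size = NTA_ALIGN(NTA_LENGTH(len));` and `size_t attr_size = NTA_LENGTH(len);` and reject, here or in the caller, lengths that do not fit a 16-bit `nta_len`. The padding memset on the last added line is what makes dropping the full-buffer memset in `BUILD_NETMSG` safe, which deserves a comment such as `/* zero the alignment padding: the message buffer is no longer pre-cleared */`. The function's `static inline void *` return-type line sits just outside the hunk.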
 


