[libnetfilter_conntrack] include: shrink helper name field to 16 bytes

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Sat May 30 11:12:51 CEST 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_conntrack.git;a=commit;h=8bb593c025100cc03a9b3e03f636dc999f891a1c
commit 8bb593c025100cc03a9b3e03f636dc999f891a1c
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sat May 30 11:09:19 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sat May 30 11:09:19 2009 +0200

    include: shrink helper name field to 16 bytes
    
    xt_helper uses a length size of 30 bytes. However, no helper name in
    the tree has exceeded 16 bytes length so far. Since 2.6.29, the
    maximum accepted length is limited to 16 bytes; this limit is enforced
    during module loading. With this patch we save bytes in the
    conntrack objects.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 3ba6d6c1ded320db0c0519bcf4cb270933e55c9a
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sat May 30 11:01:05 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sat May 30 11:01:05 2009 +0200

    snprintf: perform strict checking for the protocol state value
    
    This patch avoids possible out-of-bound array access if protocol
    states higher than the accepted are used.
    
    Reported-by: Jozsef Kadlecsik <kadlec at blackhole.kfki.hu>
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  8bb593c025100cc03a9b3e03f636dc999f891a1c (commit)
       via  3ba6d6c1ded320db0c0519bcf4cb270933e55c9a (commit)
      from  20ed81b10714dfe78e31e9721e2d4f42b4beabb2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8bb593c025100cc03a9b3e03f636dc999f891a1c
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Sat May 30 11:09:19 2009 +0200

    include: shrink helper name field to 16 bytes
    
    xt_helper uses a length size of 30 bytes. However, no helper name in
    the tree has exceeded 16 bytes length so far. Since 2.6.29, the
    maximum accepted length is limited to 16 bytes; this limit is enforced
    during module loading. With this patch we save bytes in the
    conntrack objects.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 3ba6d6c1ded320db0c0519bcf4cb270933e55c9a
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Sat May 30 11:01:05 2009 +0200

    snprintf: perform strict checking for the protocol state value
    
    This patch avoids possible out-of-bound array access if protocol
    states higher than the accepted are used.
    
    Reported-by: Jozsef Kadlecsik <kadlec at blackhole.kfki.hu>
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 include/internal/object.h        |    5 ++++-
 src/conntrack/snprintf_default.c |   15 ++++++++++++---
 src/conntrack/snprintf_xml.c     |   12 +++++++++---
 3 files changed, 25 insertions(+), 7 deletions(-)
This patch avoids possible out-of-bound array access if protocol
states higher than the accepted are used.

Reported-by: Jozsef Kadlecsik <kadlec at blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/src/conntrack/snprintf_default.c b/src/conntrack/snprintf_default.c
index 6eda16c..6749738 100644
--- a/src/conntrack/snprintf_default.c
+++ b/src/conntrack/snprintf_default.c
@@ -38,19 +38,28 @@ int __snprintf_protoinfo(char *buf,
 			 unsigned int len,
 			 const struct nf_conntrack *ct)
 {
-	return snprintf(buf, len, "%s ", states[ct->protoinfo.tcp.state]);
+	return snprintf(buf, len, "%s ",
+			ct->protoinfo.tcp.state < TCP_CONNTRACK_MAX ?
+			states[ct->protoinfo.tcp.state] :
+			states[TCP_CONNTRACK_NONE]);
 }
 int __snprintf_protoinfo_sctp(char *buf, 
 			      unsigned int len,
 			      const struct nf_conntrack *ct)
 {
-	return snprintf(buf, len, "%s ", sctp_states[ct->protoinfo.sctp.state]);
+	return snprintf(buf, len, "%s ",
+			ct->protoinfo.sctp.state < SCTP_CONNTRACK_MAX ?
+			sctp_states[ct->protoinfo.sctp.state] :
+			sctp_states[SCTP_CONNTRACK_NONE]);
 }
 int __snprintf_protoinfo_dccp(char *buf, 
 			      unsigned int len,
 			      const struct nf_conntrack *ct)
 {
-	return snprintf(buf, len, "%s ", dccp_states[ct->protoinfo.dccp.state]);
+	return snprintf(buf, len, "%s ",
+			ct->protoinfo.dccp.state < DCCP_CONNTRACK_MAX ?
+			sctp_states[ct->protoinfo.dccp.state] :
+			sctp_states[DCCP_CONNTRACK_NONE]);
 }
 
 int __snprintf_address_ipv4(char *buf,
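Review bot: The new body of `__snprintf_protoinfo_dccp` indexes `sctp_states` instead of `dccp_states`, so the value is bounded by `DCCP_CONNTRACK_MAX` but read from a table sized for a different protocol. If `sctp_states` has fewer entries than `DCCP_CONNTRACK_MAX` (its size is not visible in this hunk), the out-of-bounds read this commit sets out to remove is still reachable, and in any case an SCTP state name is printed for a DCCP flow. The two lines should read `dccp_states[ct->protoinfo.dccp.state] :` and `dccp_states[DCCP_CONNTRACK_NONE]);`, matching the table the removed line used. A compile-time check that each table's element count equals its `*_CONNTRACK_MAX` constant would catch this kind of mismatch at build time.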
diff --git a/src/conntrack/snprintf_xml.c b/src/conntrack/snprintf_xml.c
index 17e0cd4..aa9a9ec 100644
--- a/src/conntrack/snprintf_xml.c
+++ b/src/conntrack/snprintf_xml.c
@@ -303,19 +303,25 @@ int __snprintf_conntrack_xml(char *buf,
 
 	if (test_bit(ATTR_TCP_STATE, ct->set)) {
 		ret = snprintf(buf+offset, len, "<state>%s</state>",
-			       states[ct->protoinfo.tcp.state]);
+			       ct->protoinfo.tcp.state < TCP_CONNTRACK_MAX ?
+			       states[ct->protoinfo.tcp.state] :
+			       states[TCP_CONNTRACK_NONE]);
 		BUFFER_SIZE(ret, size, len, offset);
 	}
 
 	if (test_bit(ATTR_SCTP_STATE, ct->set)) {
 		ret = snprintf(buf+offset, len, "<state>%s</state>",
-			       states[ct->protoinfo.sctp.state]);
+			       ct->protoinfo.sctp.state < SCTP_CONNTRACK_MAX ?
+			       states[ct->protoinfo.sctp.state] :
+			       states[SCTP_CONNTRACK_NONE]);
 		BUFFER_SIZE(ret, size, len, offset);
 	}
 
 	if (test_bit(ATTR_DCCP_STATE, ct->set)) {
 		ret = snprintf(buf+offset, len, "<state>%s</state>",
-			       states[ct->protoinfo.dccp.state]);
+			       ct->protoinfo.sctp.state < DCCP_CONNTRACK_MAX ?
+			       states[ct->protoinfo.dccp.state] :
+			       states[DCCP_CONNTRACK_NONE]);
 		BUFFER_SIZE(ret, size, len, offset);
 	}
 
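Review bot: The DCCP guard tests `ct->protoinfo.sctp.state < DCCP_CONNTRACK_MAX` but the index on the next line is `ct->protoinfo.dccp.state`, so the value actually used as the array index is not the one that was checked; the condition should be `ct->protoinfo.dccp.state < DCCP_CONNTRACK_MAX ?`. Separately, the SCTP and DCCP branches still index `states`, the table snprintf_default.c uses for TCP, while bounding by `SCTP_CONNTRACK_MAX` and `DCCP_CONNTRACK_MAX`. If either constant is larger than the number of entries in `states` the read can still run past the table, and the names emitted are presumably TCP ones; it is worth confirming whether `sctp_states` and `dccp_states` are reachable from this file and using them here. `__snprintf_conntrack_xml` begins and ends outside the hunk.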


