[conntrack-tools] conntrackd: net message memory allocation is unsafe

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Thu Sep 3 12:19:42 CEST 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=9d2c667b951fa67f70bebc863f005dd1d10de91c
commit 9d2c667b951fa67f70bebc863f005dd1d10de91c
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Thu Sep 3 12:18:43 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Thu Sep 3 12:18:43 2009 +0200

    conntrackd: net message memory allocation is unsafe
    
    We cannot assume that we will not write in the net message before we
    send it, because the memory allocated for the net message (__net) is
    only reserved in BUILD_NETMSG (because of the { } block in it).
    This patch marks the buffer as static to avoid this problem.
    Based on a patch from Samuel Gauthier <samuel.gauthier at 6wind.com>
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  9d2c667b951fa67f70bebc863f005dd1d10de91c (commit)
      from  cf3be894fcb95adb360425c8482954522e9110d2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9d2c667b951fa67f70bebc863f005dd1d10de91c
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Thu Sep 3 12:18:43 2009 +0200

    conntrackd: net message memory allocation is unsafe
    
    We cannot assume that we will not write in the net message before we
    send it, because the memory allocated for the net message (__net) is
    only reserved in BUILD_NETMSG (because of the { } block in it).
    This patch marks the buffer as static to avoid this problem.
    Based on a patch from Samuel Gauthier <samuel.gauthier at 6wind.com>
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 include/network.h |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/include/network.h b/include/network.h
index 3248245..dfc3015 100644
--- a/include/network.h
+++ b/include/network.h
@@ -81,7 +81,7 @@ enum {
 
 #define BUILD_NETMSG(ct, query)					\
 ({								\
-	char __net[4096];					\
+	static char __net[4096];				\
 	struct nethdr *__hdr = (struct nethdr *) __net;		\
 	memset(__hdr, 0, NETHDR_SIZ);				\
 	nethdr_set(__hdr, query);				\
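Review bot: the `static char __net[4096];` line fixes the lifetime problem, but it also means each expansion site of BUILD_NETMSG owns a single buffer that every call through that site reuses, and the macro carries no comment saying so. A pointer returned by one call is overwritten by the next call at the same site, so a caller that builds a second message before sending the first (or that runs from more than one thread) will send the wrong bytes. Please document above the macro that the result must be consumed before the next BUILD_NETMSG, or have the caller pass in the buffer instead. Note also that `memset(__hdr, 0, NETHDR_SIZ);` clears only the header: with a static buffer, everything past NETHDR_SIZ now holds the previous message rather than fresh stack, so the part of the macro not shown in this hunk needs to overwrite the payload fully and send only the built length, otherwise stale payload can go out on the wire.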


