[libnetfilter_conntrack] parse: fix access to u64 attributes in netlink messages
Pablo Neira
netfilter-cvslog-bounces at lists.netfilter.org
Fri Mar 5 12:51:53 CET 2010
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_conntrack.git;a=commit;h=bee0b3c9d1f38f03b325e7c67a5a918a0837f900
commit bee0b3c9d1f38f03b325e7c67a5a918a0837f900
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Thu Mar 4 15:51:59 2010 +0100
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Thu Mar 4 15:51:59 2010 +0100
parse: fix access to u64 attributes in netlink messages
This patch fixes parsing of 64 bits attributes (that are unaligned)
in ctnetlink. It would be better to add nfnl_get_uX() functions
similar to those in include/net/netlink.h to libnfnetlink to avoid
this sort of errors.
Reported-by: Jan Engelhardt <jengelh at medozas.es>
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
via bee0b3c9d1f38f03b325e7c67a5a918a0837f900 (commit)
from fb61c68dd0ba2e6ce98516ddbbd3b10638f4bcea (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit bee0b3c9d1f38f03b325e7c67a5a918a0837f900
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Thu Mar 4 15:51:59 2010 +0100
parse: fix access to u64 attributes in netlink messages
This patch fixes parsing of 64 bits attributes (that are unaligned)
in ctnetlink. It would be better to add nfnl_get_uX() functions
similar to those in include/net/netlink.h to libnfnetlink to avoid
this sort of errors.
Reported-by: Jan Engelhardt <jengelh at medozas.es>
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
-----------------------------------------------------------------------
src/conntrack/parse.c | 30 +++++++++++++++++++-----------
1 files changed, 19 insertions(+), 11 deletions(-)
This patch fixes parsing of 64 bits attributes (that are unaligned)
in ctnetlink. It would be better to add nfnl_get_uX() functions
similar to those in include/net/netlink.h to libnfnetlink to avoid
this sort of errors.
Reported-by: Jan Engelhardt <jengelh at medozas.es>
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
diff --git a/src/conntrack/parse.c b/src/conntrack/parse.c
index 0e0cd58..60dabe4 100644
--- a/src/conntrack/parse.c
+++ b/src/conntrack/parse.c
@@ -276,9 +276,11 @@ static void __parse_protoinfo_dccp(const struct nfattr *attr,
set_bit(ATTR_DCCP_ROLE, ct->set);
}
if (tb[CTA_PROTOINFO_DCCP_SEQ-1]) {
- ct->protoinfo.dccp.handshake_seq =
- __be64_to_cpu(*(u_int64_t *)
- NFA_DATA(tb[CTA_PROTOINFO_DCCP_SEQ-1]));
+ u_int64_t tmp;
+ memcpy(&tmp,
+ NFA_DATA(tb[CTA_PROTOINFO_DCCP_SEQ-1]),
+ sizeof(tmp));
+ ct->protoinfo.dccp.handshake_seq = __be64_to_cpu(tmp);
set_bit(ATTR_DCCP_HANDSHAKE_SEQ, ct->set);
}
}
@@ -314,10 +316,13 @@ static void __parse_counters(const struct nfattr *attr,
= ntohl(*(u_int32_t *)
NFA_DATA(tb[CTA_COUNTERS32_PACKETS-1]));
- if (tb[CTA_COUNTERS_PACKETS-1])
- ct->counters[dir].packets
- = __be64_to_cpu(*(u_int64_t *)
- NFA_DATA(tb[CTA_COUNTERS_PACKETS-1]));
+ if (tb[CTA_COUNTERS_PACKETS-1]) {
+ u_int64_t tmp;
+ memcpy(&tmp,
+ NFA_DATA(tb[CTA_COUNTERS_PACKETS-1]),
+ sizeof(tmp));
+ ct->counters[dir].packets = __be64_to_cpu(tmp);
+ }
switch(dir) {
case __DIR_ORIG:
@@ -335,10 +340,13 @@ static void __parse_counters(const struct nfattr *attr,
= ntohl(*(u_int32_t *)
NFA_DATA(tb[CTA_COUNTERS32_BYTES-1]));
- if (tb[CTA_COUNTERS_BYTES-1])
- ct->counters[dir].bytes
- = __be64_to_cpu(*(u_int64_t *)
- NFA_DATA(tb[CTA_COUNTERS_BYTES-1]));
+ if (tb[CTA_COUNTERS_BYTES-1]) {
+ u_int64_t tmp;
+ memcpy(&tmp,
+ NFA_DATA(tb[CTA_COUNTERS_BYTES-1]),
+ sizeof(tmp));
+ ct->counters[dir].bytes = __be64_to_cpu(tmp);
+ }
switch(dir) {
case __DIR_ORIG:
More information about the netfilter-cvslog
mailing list