[Bug 437] New: restore can segfaults when restoring corrupt policy
counters
bugzilla-daemon at bugzilla.netfilter.org
bugzilla-daemon at bugzilla.netfilter.org
Wed Feb 1 23:59:49 CET 2006
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=437
Summary: restore can segfaults when restoring corrupt policy
counters
Product: iptables
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: iptables-restore
AssignedTo: laforge at netfilter.org
ReportedBy: razzor at kopf-tisch.de
In iptables-restore the return value of parse_counters() is not checked.
So if the sscanf() in parse_counter() fails, wrong ($random or from previous
chain) counters are written to kernel.
Also parse_counter() is called without checking it's first argument.
If it's NULL, the sscanf() will segfault.
diff -uNr iptables-1.3.5.org/ip6tables-restore.c iptables-1.3.5/ip6tables-restore.c
--- iptables-1.3.5.org/ip6tables-restore.c 2005-06-24 18:34:19.000000000 +0200
+++ iptables-1.3.5/ip6tables-restore.c 2006-02-01 23:47:04.000000000 +0100
@@ -266,7 +266,10 @@
char *ctrs;
ctrs = strtok(NULL, " \t\n");
- parse_counters(ctrs, &count);
+ if (!ctrs || !parse_counters(ctrs, &count))
+ exit_error(PARAMETER_PROBLEM,
+ "invalid policy counters "
+ "for chain '%s'\n", chain);
} else {
memset(&count, 0,
diff -uNr iptables-1.3.5.org/iptables-restore.c iptables-1.3.5/iptables-restore.c
--- iptables-1.3.5.org/iptables-restore.c 2005-06-24 18:34:19.000000000 +0200
+++ iptables-1.3.5/iptables-restore.c 2006-02-01 23:45:00.000000000 +0100
@@ -269,7 +269,10 @@
char *ctrs;
ctrs = strtok(NULL, " \t\n");
- parse_counters(ctrs, &count);
+ if (!ctrs || !parse_counters(ctrs, &count))
+ exit_error(PARAMETER_PROBLEM,
+ "invalid policy counters "
+ "for chain '%s'\n", chain);
} else {
memset(&count, 0,
--
Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You reported the bug, or are watching the reporter.
More information about the netfilter-buglog
mailing list