* a small bug in iptables.c and ip6tables.c get_modprobe()
@ 2004-10-13 23:53 Mikko Rapeli
2004-10-26 14:09 ` Martin Schulze
0 siblings, 1 reply; 2+ messages in thread
From: Mikko Rapeli @ 2004-10-13 23:53 UTC (permalink / raw)
To: 219686; +Cc: netfilter-devel, debian-firewall
[-- Attachment #1: Type: text/plain, Size: 607 bytes --]
Hello,
This #219686 Lokkit bug in Debian is not actually a Lokkit bug but an iptables
bug, heh. Firewall or other scripts should not have to load iptables
modules since iptables the executable can do it for them. strace and gdb
showed - after some head scratching - why an 'iptables -L' or
'iptables -N foo' loaded the modules but 'iptables -N RH-Lokkit-0-50-INPUT'
did not.
Attached patches fix this in iptables 1.2.9, which is now in Debian
testing, and they also apply to the latest 1.2.11 from netfilter.org.
I'm not on the Cc'd lists, so could you please Cc me in if you reply,
thanks.
-Mikko
[-- Attachment #2: iptables_modprobe_fix.patch --]
[-- Type: text/plain, Size: 378 bytes --]
--- iptables.c-original 2004-10-13 20:22:34.000000000 +0300
+++ iptables.c 2004-10-14 02:23:21.000000000 +0300
@@ -1565,8 +1565,9 @@
if (procfile < 0)
return NULL;
- ret = malloc(1024);
+ ret = (char *) malloc(1024);
if (ret) {
+ memset (ret, 0, 1024);
switch (read(procfile, ret, 1024)) {
case -1: goto fail;
case 1024: goto fail; /* Partial read. Wierd */
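Review bot: the added memset after `if (ret) {` makes the buffer NUL-terminated only as a side effect, while the byte count returned by read() is still discarded: in the lines shown it is only compared against -1 and 1024. Consider storing the result (for example `n = read(procfile, ret, 1024);`) and terminating explicitly with `ret[n] = '\0';` once the -1 and 1024 cases are rejected, so the termination sits next to the read it depends on. If zero-filling is kept, `calloc(1, 1024)` does it in one call. The `(char *)` cast on malloc is not needed in C and is unrelated to the fix, so it could be dropped from this patch.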
[-- Attachment #3: ip6tables_modprobe_fix.patch --]
[-- Type: text/plain, Size: 380 bytes --]
--- ip6tables.c-original 2004-10-14 02:22:06.000000000 +0300
+++ ip6tables.c 2004-10-14 02:25:11.000000000 +0300
@@ -1568,8 +1568,9 @@
if (procfile < 0)
return NULL;
- ret = malloc(1024);
+ ret = (char *) malloc(1024);
if (ret) {
+ memset (ret, 0, 1024);
switch (read(procfile, ret, 1024)) {
case -1: goto fail;
case 1024: goto fail; /* Partial read. Wierd */
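Review bot: the literal 1024 now appears four times in this function (malloc, the added memset, read, and the `case 1024` label), and the same edit is repeated by hand from iptables.c. A named constant for the buffer size would keep the allocation, the zero-fill and the partial-read check from drifting apart, in both files. Style point on the added line: `memset (ret, 0, 1024);` has a space before the parenthesis, while the surrounding `malloc(` and `read(` calls do not. A short comment saying that the zero-fill is what terminates the string read from procfile would also help, since nothing in the hunk explains why it is there.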
* Re: a small bug in iptables.c and ip6tables.c get_modprobe()
2004-10-13 23:53 a small bug in iptables.c and ip6tables.c get_modprobe() Mikko Rapeli
@ 2004-10-26 14:09 ` Martin Schulze
0 siblings, 0 replies; 2+ messages in thread
From: Martin Schulze @ 2004-10-26 14:09 UTC (permalink / raw)
To: Mikko Rapeli; +Cc: 219686, debian-firewall, netfilter-devel
Mikko Rapeli wrote:
> Hello,
>
> This #219686 Lokkit bug in Debian is not actually a Lokkit bug but an iptables
> bug, heh. Firewall or other scripts should not have to load iptables
> modules since iptables the executable can do it for them. strace and gdb
> showed - after some head scratching - why an 'iptables -L' or
> 'iptables -N foo' loaded the modules but 'iptables -N RH-Lokkit-0-50-INPUT'
> did not.
>
> Attached patches fix this in iptables 1.2.9, which is now in Debian
> testing, and they also apply to the latest 1.2.11 from netfilter.org.
Thanks a lot Mikko! This problem has been assigned CAN-2004-0986.
--
Testing? What's that? If it compiles, it is good, if it boots up, it is perfect.
Please always Cc to me when replying to me on the lists.