[PATCH] ip6tables: check for valid init prior to calling

[PATCH] ip6tables: check for valid init prior to calling

[Phil Oester]

[-- Attachment #1: Type: text/plain, Size: 260 bytes --]

Unlike iptables, ip6tables does not check that match|target->init
is !NULL prior to calling, leading to problems in those extensions
which don't define init, like owner:

# ip6tables -m owner
Segmentation fault

The below patch copies iptables checks.

Phil



[-- Attachment #2: patch-ip6tinit --]
[-- Type: text/plain, Size: 1406 bytes --]

diff -ruN ipt-orig/ip6tables.c ipt-new/ip6tables.c
--- ipt-orig/ip6tables.c	2005-02-19 11:19:17.000000000 -0800
+++ ipt-new/ip6tables.c	2005-07-03 09:57:48.000000000 -0700
@@ -1919,7 +1919,8 @@
 				target->t = fw_calloc(1, size);
 				target->t->u.target_size = size;
 				strcpy(target->t->u.user.name, jumpto);
-				target->init(target->t, &fw.nfcache);
+				if (target->init != NULL)
+					target->init(target->t, &fw.nfcache);
 				opts = merge_options(opts, target->extra_opts, &target->option_offset);
 			}
 			break;
@@ -1963,7 +1964,8 @@
 			m->m = fw_calloc(1, size);
 			m->m->u.match_size = size;
 			strcpy(m->m->u.user.name, m->name);
-			m->init(m->m, &fw.nfcache);
+			if (m->init != NULL)
+				m->init(m->m, &fw.nfcache);
 			opts = merge_options(opts, m->extra_opts, &m->option_offset);
 		}
 		break;
@@ -2104,7 +2106,8 @@
 					m->m = fw_calloc(1, size);
 					m->m->u.match_size = size;
 					strcpy(m->m->u.user.name, m->name);
-					m->init(m->m, &fw.nfcache);
+					if (m->init != NULL)
+						m->init(m->m, &fw.nfcache);
 
 					opts = merge_options(opts,
 					    m->extra_opts, &m->option_offset);
@@ -2232,7 +2235,8 @@
 			target->t = fw_calloc(1, size);
 			target->t->u.target_size = size;
 			strcpy(target->t->u.user.name, jumpto);
-			target->init(target->t, &fw.nfcache);
+			if (target->init != NULL)
+				target->init(target->t, &fw.nfcache);
 		}
 
 		if (!target) {

Re: [PATCH] ip6tables: check for valid init prior to calling

[Jonas Berlin]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Quoting Phil Oester on 2005-07-03 17:03 UTC:
> Unlike iptables, ip6tables does not check that match|target->init
> is !NULL prior to calling, leading to problems in those extensions
> which don't define init, like owner:
> 
> # ip6tables -m owner
> Segmentation fault
> 
> The below patch copies iptables checks.
> 
> Phil

Hmm, I already fixed this three months ago :)

http://svn.netfilter.org/cgi-bin/viewcvs.cgi/trunk/iptables/ip6tables.c?rev=3818&r1=3814&r2=3818

- --
- - xkr47
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCyMEgxyF48ZTvn+4RAisrAJ9NR/P89HiNEAiJQsKfcyqPkLjEFACgpSAA
qq91OSpPDFt/1CM/7EeKluI=
=ubNX
-----END PGP SIGNATURE-----

Re: [PATCH] ip6tables: check for valid init prior to calling

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 1058 bytes --]

On Mon, Jul 04, 2005 at 04:54:58AM +0000, Jonas Berlin wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Quoting Phil Oester on 2005-07-03 17:03 UTC:
> > Unlike iptables, ip6tables does not check that match|target->init
> > is !NULL prior to calling, leading to problems in those extensions
> > which don't define init, like owner:
> > 
> > # ip6tables -m owner
> > Segmentation fault
> > 
> > The below patch copies iptables checks.
> > 
> > Phil
> 
> Hmm, I already fixed this three months ago :)

seems like we should be doing a 1.3.2 release.  So everyone who still
has pending bugs/issues with current svn iptables, please raise your
voice _now_.

-- 
- Harald Welte <laforge@netfilter.org>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]