* [libnftnl PATCH] lookup: Fix an invalid read
@ 2014-04-15 10:13 Ana Rey
  2014-04-15 10:13 ` [libnftnl PATCH] set-elem: fix a memory leak Ana Rey
  2014-04-16 18:09 ` [libnftnl PATCH] lookup: Fix an invalid read Pablo Neira Ayuso
  0 siblings, 2 replies; 4+ messages in thread
From: Ana Rey @ 2014-04-15 10:13 UTC (permalink / raw)
  To: netfilter-devel; +Cc: Ana Rey

Valgrind reports the following invalid read:

$ sudo valgrind ./nft-parsing-test -f ../jsonfiles/30-rule-lookup.json
==26664== Memcheck, a memory error detector
==26664== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==26664== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==26664== Command: ./nft-parsing-test -f ../jsonfiles/30-rule-lookup.json
==26664==
==26664== Invalid read of size 8
==26664==    at 0x4E45490: nft_rule_expr_lookup_set (lookup.c:50)
==26664==    by 0x4E40B04: nft_rule_expr_set (expr.c:73)
==26664==    by 0x4E44FFF: nft_rule_expr_lookup_json_parse (lookup.c:157)
==26664==    by 0x4E408CD: nft_jansson_expr_parse (jansson.c:206)
==26664==    by 0x4E3B719: nft_jansson_parse_rule (rule.c:606)
==26664==    by 0x4E3F005: nft_ruleset_do_parse (ruleset.c:312)
==26664==    by 0x401479: test_json (nft-parsing-test.c:129)
==26664==    by 0x4017C2: execute_test_file (nft-parsing-test.c:270)
==26664==    by 0x400EBB: main (nft-parsing-test.c:332)
==26664==  Address 0x5c34d40 is 0 bytes inside a block of size 5 alloc'd
==26664==    at 0x4C274A0: malloc (vg_replace_malloc.c:291)
==26664==    by 0x56834FF: ??? (in /usr/lib/x86_64-linux-gnu/libjansson.so.4.6.0)
==26664==    by 0x5685825: json_string_nocheck (in /usr/lib/x86_64-linux-gnu/libjansson.so.4.6.0)
==26664==    by 0x5682A3F: ??? (in /usr/lib/x86_64-linux-gnu/libjansson.so.4.6.0)
==26664==    by 0x5682ADE: ??? (in /usr/lib/x86_64-linux-gnu/libjansson.so.4.6.0)
==26664==    by 0x5682C5D: ??? (in /usr/lib/x86_64-linux-gnu/libjansson.so.4.6.0)
==26664==    by 0x5682ADE: ??? (in /usr/lib/x86_64-linux-gnu/libjansson.so.4.6.0)
==26664==    by 0x5682ADE: ??? (in /usr/lib/x86_64-linux-gnu/libjansson.so.4.6.0)
==26664==    by 0x5682C5D: ??? (in /usr/lib/x86_64-linux-gnu/libjansson.so.4.6.0)
==26664==    by 0x5682ADE: ??? (in /usr/lib/x86_64-linux-gnu/libjansson.so.4.6.0)
==26664==    by 0x5682EDD: ??? (in /usr/lib/x86_64-linux-gnu/libjansson.so.4.6.0)
==26664==    by 0x5683295: json_loadf (in /usr/lib/x86_64-linux-gnu/libjansson.so.4.6.0)
==26664==
==26664== Invalid read of size 8
==26664==    at 0x4E45497: nft_rule_expr_lookup_set (lookup.c:50)
==26664==    by 0x4E40B04: nft_rule_expr_set (expr.c:73)
==26664==    by 0x4E44FFF: nft_rule_expr_lookup_json_parse (lookup.c:157)
==26664==    by 0x4E408CD: nft_jansson_expr_parse (jansson.c:206)
==26664==    by 0x4E3B719: nft_jansson_parse_rule (rule.c:606)
==26664==    by 0x4E3F005: nft_ruleset_do_parse (ruleset.c:312)
==26664==    by 0x401479: test_json (nft-parsing-test.c:129)
==26664==    by 0x4017C2: execute_test_file (nft-parsing-test.c:270)
==26664==    by 0x400EBB: main (nft-parsing-test.c:332)
==26664==  Address 0x5c34d48 is 3 bytes after a block of size 5 alloc'd
==26664==    at 0x4C274A0: malloc (vg_replace_malloc.c:291)
==26664==    by 0x56834FF: ??? (in /usr/lib/x86_64-linux-gnu/libjansson.so.4.6.0)
==26664==    by 0x5685825: json_string_nocheck (in /usr/lib/x86_64-linux-gnu/libjansson.so.4.6.0)
==26664==    by 0x5682A3F: ??? (in /usr/lib/x86_64-linux-gnu/libjansson.so.4.6.0)
==26664==    by 0x5682ADE: ??? (in /usr/lib/x86_64-linux-gnu/libjansson.so.4.6.0)
==26664==    by 0x5682C5D: ??? (in /usr/lib/x86_64-linux-gnu/libjansson.so.4.6.0)
==26664==    by 0x5682ADE: ??? (in /usr/lib/x86_64-linux-gnu/libjansson.so.4.6.0)
==26664==    by 0x5682ADE: ??? (in /usr/lib/x86_64-linux-gnu/libjansson.so.4.6.0)
==26664==    by 0x5682C5D: ??? (in /usr/lib/x86_64-linux-gnu/libjansson.so.4.6.0)
==26664==    by 0x5682ADE: ??? (in /usr/lib/x86_64-linux-gnu/libjansson.so.4.6.0)
==26664==    by 0x5682EDD: ??? (in /usr/lib/x86_64-linux-gnu/libjansson.so.4.6.0)
==26664==    by 0x5683295: json_loadf (in /usr/lib/x86_64-linux-gnu/libjansson.so.4.6.0)

Signed-off-by: Ana Rey <anarey@gmail.com>
---
 src/expr/lookup.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/expr/lookup.c b/src/expr/lookup.c
index 5e0bf75..50282a8 100644
--- a/src/expr/lookup.c
+++ b/src/expr/lookup.c
@@ -47,8 +47,8 @@ nft_rule_expr_lookup_set(struct nft_rule_expr *e, uint16_t type,
 		lookup->dreg = *((uint32_t *)data);
 		break;
 	case NFT_EXPR_LOOKUP_SET:
-		memcpy(lookup->set_name, data, IFNAMSIZ);
-		lookup->set_name[IFNAMSIZ-1] = '\0';
+		snprintf(lookup->set_name, sizeof(lookup->set_name), "%s",
+			 (const char *)data);
 		break;
 	default:
 		return -1;
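
Review bot: the snprintf() in the NFT_EXPR_LOOKUP_SET case silently truncates any set name that does not fit in sizeof(lookup->set_name), so the expression can end up referring to a different set name than the caller passed in. Consider checking the return value and failing with `return -1;`, as the default case already does, when it is >= sizeof(lookup->set_name). The "%s" conversion also relies on data being NUL-terminated; that holds for the jansson string in the Valgrind trace, but it is worth a comment in the setter. The commit message would also benefit from one sentence naming the cause: the old memcpy() always read IFNAMSIZ bytes from data, while the source string in the report is a 5-byte allocation.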
-- 
1.9.0

