Re: [PATCH 2.4/2.6]: TTL target

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Nicolas Bouliane <nib@cookinglinux.org>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: [PATCH 2.4/2.6]: TTL target
Date: Mon, 26 Jul 2004 02:09:16 +0200	[thread overview]
Message-ID: <41044BAC.7060705@trash.net> (raw)
In-Reply-To: <1400.192.168.1.16.1090797821.squirrel@192.168.1.16>

Hi Nicolas,

Nicolas Bouliane wrote:
> Hi guys,
> 
> We attached three patches that fixe some problems with the TTL target.
> 
> 1) When using a value > 255 or < 0, there's an overflow with
>    u_int8_t value;
> 
>    This means that giving 256 as a value will create a rule with
>    a value of 0.
> 
>    The first patch adds some error controls in TTL library avoiding this.
> 
> 2) There is a little, but significative, bug in the TTL target module.
>    Instead of decreasing the TTL, this is increasing it.
> 
>    The second patch is for 2.4
> 
> 3) Same as second patch, but for 2.6
> 
> Let us know if there is some problems. Thanks you.

The kernel-part is fine, the userspace has some minor problems,
see my comments below. Could you please send a new version ?

Thanks,
Patrick

> 
> Patches below.
> 
> Signed-off-by: Nicolas Bouliane <nib@cookinglinux.org>
> 
> 
> diff -urpN extensions/libipt_TTL.c.orig extensions/libipt_TTL.c
> --- extensions/libipt_TTL.c.orig	2004-07-24 21:17:24.000000000 -0400
> +++ extensions/libipt_TTL.c	2004-07-25 18:00:39.000000000 -0400
> @@ -24,9 +24,9 @@ static void help(void)
>  {
>  	printf(
>  "TTL target v%s options\n"
> -"  --ttl-set value		Set TTL to <value>\n"
> -"  --ttl-dec value		Decrement TTL by <value>\n"
> -"  --ttl-inc value		Increment TTL by <value>\n"
> +"  --ttl-set value		Set TTL to <value 0-255>\n"
> +"  --ttl-dec value		Decrement TTL by <value 1-255>\n"
> +"  --ttl-inc value		Increment TTL by <value 1-255>\n"
>  , IPTABLES_VERSION);
>  }
> 
> @@ -35,7 +35,8 @@ static int parse(int c, char **argv, int
>  		struct ipt_entry_target **target)
>  {
>  	struct ipt_TTL_info *info = (struct ipt_TTL_info *) (*target)->data;
> -	u_int8_t value;
> +   u_int16_t value;
> +   u_int8_t alpha;

^^^ Indentation is broken, we use tabs not spaces

> 
>  	if (*flags & IPT_TTL_USED) {
>  		exit_error(PARAMETER_PROBLEM,
> @@ -49,28 +50,36 @@ static int parse(int c, char **argv, int
>  	if (check_inverse(optarg, &invert, NULL, 0))
>  		exit_error(PARAMETER_PROBLEM,
>  				"TTL: unexpected `!'");
> -
> -	value = atoi(optarg);
> -
> +
> +   if ((strlen(optarg) > 3) ||
> +      (sscanf(optarg, "%hd%c", &value, &alpha) != 1))

^^^ Why scan for characters and check for exactly one parsed item ?
     Use string_to_number with 0-255 as limit.

> +      exit_error(PARAMETER_PROBLEM,
> +            "TTL: Invalid value");
> +
>  	switch (c) {
> 
>  		case '1':
> +         if (value > 255) {
> +            exit_error(PARAMETER_PROBLEM,
> +               "TTL: Invalid value");
> +         }
> +
>  			info->mode = IPT_TTL_SET;
>  			break;
> 
>  		case '2':
> -			if (value == 0) {
> -				exit_error(PARAMETER_PROBLEM,
> -					"TTL: decreasing by 0?");
> +         if (value > 255 || value < 1) {
> +   			exit_error(PARAMETER_PROBLEM,
> +					"TTL: Invalid value");
^^^ The old message contained more information

>  			}
> 
>  			info->mode = IPT_TTL_DEC;
>  			break;
> 
>  		case '3':
> -			if (value == 0) {
> +         if (value > 255 || value < 1) {
>  				exit_error(PARAMETER_PROBLEM,
> -					"TTL: increasing by 0?");
> +   				"TTL: Invalid value");
>  			}
> 
>  			info->mode = IPT_TTL_INC;
> 
> 
>

next prev parent reply	other threads:[~2004-07-26  0:09 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-07-25 23:23 [PATCH 2.4/2.6]: TTL target Nicolas Bouliane
2004-07-26  0:09 ` Patrick McHardy [this message]
2004-07-26  1:37   ` Nicolas Bouliane
2004-07-26 21:10     ` Patrick McHardy
2004-07-27 18:46 ` Patrick McHardy
  -- strict thread matches above, loose matches on Subject: below --
2004-07-27 19:09 Samuel Jean
2004-07-27 21:50 ` Patrick McHardy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=41044BAC.7060705@trash.net \
    --to=kaber@trash.net \
    --cc=netfilter-devel@lists.netfilter.org \
    --cc=nib@cookinglinux.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.