All of lore.kernel.org
 help / color / mirror / Atom feed
* #263154: iptables: segfault with multiple ip hostnames
@ 2004-08-03 22:03 Laurence J. Lane
  2004-08-03 22:11 ` Phil Oester
  2004-08-03 22:26 ` Patrick McHardy
  0 siblings, 2 replies; 4+ messages in thread
From: Laurence J. Lane @ 2004-08-03 22:03 UTC (permalink / raw)
  To: netfilter-devel

http://bugs.debian.org/263154

iptables 1.2.11 segfaults when given a domain name that resolves 
to multiple ip addresses. The situation is the same for kernel 
versions 2.4.26 and 2.6.7.

As an example:

  # iptables -I INPUT -s google.com -j DROP
  free(): invalid pointer 0x8055a4c!
  Segmentation fault

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: #263154: iptables: segfault with multiple ip hostnames
  2004-08-03 22:03 #263154: iptables: segfault with multiple ip hostnames Laurence J. Lane
@ 2004-08-03 22:11 ` Phil Oester
  2004-08-03 22:26 ` Patrick McHardy
  1 sibling, 0 replies; 4+ messages in thread
From: Phil Oester @ 2004-08-03 22:11 UTC (permalink / raw)
  To: Laurence J. Lane; +Cc: netfilter-devel

On Tue, Aug 03, 2004 at 06:03:50PM -0400, Laurence J. Lane wrote:
> http://bugs.debian.org/263154
> 
> iptables 1.2.11 segfaults when given a domain name that resolves 
> to multiple ip addresses. The situation is the same for kernel 
> versions 2.4.26 and 2.6.7.

This is fixed in CVS.  Patch below for reference.

Phil


diff -u -r1.68 -r1.69
--- iptables/iptables.c	2004/05/26 16:04:48	1.68
+++ iptables/iptables.c	2004/07/04 15:20:53	1.69
@@ -2339,11 +2339,8 @@
 		e = NULL;
 	}
 
-	for (c = 0; c < nsaddrs; c++)
-		free(&saddrs[c]);
-
-	for (c = 0; c < ndaddrs; c++)
-		free(&daddrs[c]);
+	free(saddrs);
+	free(daddrs);
 
 	if (opts != original_opts) {
 		free(opts);

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: #263154: iptables: segfault with multiple ip hostnames
  2004-08-03 22:03 #263154: iptables: segfault with multiple ip hostnames Laurence J. Lane
  2004-08-03 22:11 ` Phil Oester
@ 2004-08-03 22:26 ` Patrick McHardy
  2004-08-20 16:09   ` Herve Eychenne
  1 sibling, 1 reply; 4+ messages in thread
From: Patrick McHardy @ 2004-08-03 22:26 UTC (permalink / raw)
  To: Laurence J. Lane; +Cc: netfilter-devel

Laurence J. Lane wrote:

>http://bugs.debian.org/263154
>
>iptables 1.2.11 segfaults when given a domain name that resolves 
>to multiple ip addresses. The situation is the same for kernel 
>versions 2.4.26 and 2.6.7.
>
>As an example:
>
>  # iptables -I INPUT -s google.com -j DROP
>  free(): invalid pointer 0x8055a4c!
>  Segmentation fault
>  
>
Already fixed in CVS:

http://cvs.netfilter.org/iptables/iptables.c?r1=1.68&r2=1.69

But seems to be missing this:

diff -u -r1.69 iptables.c
--- iptables.c  4 Jul 2004 15:20:53 -0000       1.69
+++ iptables.c  3 Aug 2004 22:22:25 -0000
@@ -551,7 +551,7 @@
                                                                                                                              

                while (host->h_addr_list[*naddr] != (char *) NULL)
                        (*naddr)++;
-               addr = fw_calloc(*naddr, sizeof(struct in_addr));
+               addr = fw_calloc(*naddr, sizeof(struct in_addr) * *naddr);
                for (i = 0; i < *naddr; i++)
                        inaddrcpy(&(addr[i]),
                                  (struct in_addr *) host->h_addr_list[i]);

Regards
Patrick

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: #263154: iptables: segfault with multiple ip hostnames
  2004-08-03 22:26 ` Patrick McHardy
@ 2004-08-20 16:09   ` Herve Eychenne
  0 siblings, 0 replies; 4+ messages in thread
From: Herve Eychenne @ 2004-08-20 16:09 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: Laurence J. Lane, netfilter-devel

On Wed, Aug 04, 2004 at 12:26:22AM +0200, Patrick McHardy wrote:

> Laurence J. Lane wrote:

> >http://bugs.debian.org/263154
> >
> >iptables 1.2.11 segfaults when given a domain name that resolves 
> >to multiple ip addresses. The situation is the same for kernel 
> >versions 2.4.26 and 2.6.7.
> >
> >As an example:
> >
> > # iptables -I INPUT -s google.com -j DROP
> > free(): invalid pointer 0x8055a4c!
> > Segmentation fault
> > 
> >
> Already fixed in CVS:

> http://cvs.netfilter.org/iptables/iptables.c?r1=1.68&r2=1.69

Does this change make sense for ip6tables as well? If so, were the
equivalent changes committed as well?

 Herve

-- 
 _
(°=  Hervé Eychenne
//)
v_/_ WallFire project:  http://www.wallfire.org/

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2004-08-20 16:09 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-08-03 22:03 #263154: iptables: segfault with multiple ip hostnames Laurence J. Lane
2004-08-03 22:11 ` Phil Oester
2004-08-03 22:26 ` Patrick McHardy
2004-08-20 16:09   ` Herve Eychenne

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.