[1/2] osf: fixed matching bug.

All of lore.kernel.org
 help / color / mirror / Atom feed

* [1/2] osf: fixed matching bug.
@ 2004-08-21 21:03 Evgeniy Polyakov
  2004-08-21 22:12 ` Patrick McHardy
  0 siblings, 1 reply; 2+ messages in thread
From: Evgeniy Polyakov @ 2004-08-21 21:03 UTC (permalink / raw)
  To: Harald Welte; +Cc: netfilter-devel

[-- Attachment #1: Type: text/plain, Size: 402 bytes --]

Fixed matching bug - when we have match and have options to process
not only first one but all, then we may rewrite fmatch value
with FMATCH_WRONG parameters. Later osf will create decision based on
the latest fmatch value, but not the fact that osf had match before.

Signed-off-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru>

	Evgeniy Polyakov ( s0mbre )

Only failure makes us experts. -- Theo de Raadt

[-- Attachment #2: ipt_osf.diff --]
[-- Type: text/plain, Size: 395 bytes --]

--- netfilter_cvs/patch-o-matic-ng/osf/linux-2.6/net/ipv4/netfilter/ipt_osf.c	2004-07-18 00:10:43.000000000 +0400
+++ netfilter_cvs/patch-o-matic-ng/osf/linux-2.6/net/ipv4/netfilter/ipt_osf.c	2004-08-20 21:55:22.000000000 +0400
@@ -411,8 +413,11 @@
 		}
 	}
 
-	read_unlock(&osf_lock);
+	if (fcount)
+		fmatch = FMATCH_OK;
 
+	read_unlock(&osf_lock);
+	
 	return (fmatch == FMATCH_OK)?1:0;
 }
 

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [1/2] osf: fixed matching bug.
  2004-08-21 21:03 [1/2] osf: fixed matching bug Evgeniy Polyakov
@ 2004-08-21 22:12 ` Patrick McHardy
  0 siblings, 0 replies; 2+ messages in thread
From: Patrick McHardy @ 2004-08-21 22:12 UTC (permalink / raw)
  To: johnpol; +Cc: Harald Welte, netfilter-devel

Evgeniy Polyakov wrote:

>Fixed matching bug - when we have match and have options to process
>not only first one but all, then we may rewrite fmatch value
>with FMATCH_WRONG parameters. Later osf will create decision based on
>the latest fmatch value, but not the fact that osf had match before.
>
>Signed-off-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
>
>	Evgeniy Polyakov ( s0mbre )
>
>Only failure makes us experts. -- Theo de Raadt
>  
>

Applied to 2.4 and 2.6, but hand edited, you don't need to move the lock
for a local variable.

diff -u -r1.1 ipt_osf.c
--- osf/linux-2.6/net/ipv4/netfilter/ipt_osf.c  22 Jul 2004 19:21:58 
-0000      1.1
+++ osf/linux-2.6/net/ipv4/netfilter/ipt_osf.c  21 Aug 2004 22:10:02 -0000
@@ -412,6 +412,9 @@
        }

        read_unlock(&osf_lock);
+
+       if (fcount)
+               fmatch = FMATCH_OK;

        return (fmatch == FMATCH_OK)?1:0;
 }

>------------------------------------------------------------------------
>
>--- netfilter_cvs/patch-o-matic-ng/osf/linux-2.6/net/ipv4/netfilter/ipt_osf.c	2004-07-18 00:10:43.000000000 +0400
>+++ netfilter_cvs/patch-o-matic-ng/osf/linux-2.6/net/ipv4/netfilter/ipt_osf.c	2004-08-20 21:55:22.000000000 +0400
>@@ -411,8 +413,11 @@
> 		}
> 	}
> 
>-	read_unlock(&osf_lock);
>+	if (fcount)
>+		fmatch = FMATCH_OK;
> 
>+	read_unlock(&osf_lock);
>+	
> 	return (fmatch == FMATCH_OK)?1:0;
> }
> 
>  
>

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2004-08-21 22:12 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-08-21 21:03 [1/2] osf: fixed matching bug Evgeniy Polyakov
2004-08-21 22:12 ` Patrick McHardy

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.