* [PATCH] Boyer Moore textsearch bug fix @ 2006-08-17 3:16 Michael Rash 2006-08-17 13:39 ` Patrick McHardy 0 siblings, 1 reply; 6+ messages in thread From: Michael Rash @ 2006-08-17 3:16 UTC (permalink / raw) To: Pablo Neira Ayuso; +Cc: netfilter-devel Hi - The patch below fixes Bugzilla #501: The compute_prefix_tbl() function in lib/ts_bm.c is called before bm->pattern is initialized, and this results in the following issue. If the rule below is put within the OUTPUT chain (note the slightly repetitive pattern "aaabbbccc" which I think is necessary to expose the fact that the good_shift array is not getting populated correctly): iptables -I OUTPUT -p tcp --dport 80 -m string --string "aaabbbccc" \ --algo bm -j LOG --log-prefix "bm " ...then the issuing the following commands fail to match the rule (no log message is generated): echo "1aaabbbccc" |nc <someserver> 80 echo "12aaabbbccc" |nc <someserver> 80 echo "1234aaabbbccc" |nc <someserver> 80 ...but these do match: echo "aaabbbccc" |nc <someserver> 80 echo "123aaabbbccc" |nc <someserver> 80 -- Michael Rash http://www.cipherdyne.org/ Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F --- linux-2.6.17.8/lib/ts_bm.c.orig 2006-08-16 21:17:38.000000000 -0400 +++ linux-2.6.17.8/lib/ts_bm.c 2006-08-16 21:17:56.000000000 -0400 @@ -151,8 +151,8 @@ bm = ts_config_priv(conf); bm->patlen = len; bm->pattern = (u8 *) bm->good_shift + prefix_tbl_len; - compute_prefix_tbl(bm, pattern, len); memcpy(bm->pattern, pattern, len); + compute_prefix_tbl(bm, pattern, len); return conf; } ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] Boyer Moore textsearch bug fix 2006-08-17 3:16 [PATCH] Boyer Moore textsearch bug fix Michael Rash @ 2006-08-17 13:39 ` Patrick McHardy 2006-08-17 14:25 ` Pablo Neira Ayuso 2006-08-17 14:46 ` Michael Rash 0 siblings, 2 replies; 6+ messages in thread From: Patrick McHardy @ 2006-08-17 13:39 UTC (permalink / raw) To: Michael Rash; +Cc: netfilter-devel, Pablo Neira Ayuso Michael Rash wrote: > --- linux-2.6.17.8/lib/ts_bm.c.orig 2006-08-16 21:17:38.000000000 -0400 > +++ linux-2.6.17.8/lib/ts_bm.c 2006-08-16 21:17:56.000000000 -0400 > @@ -151,8 +151,8 @@ > bm = ts_config_priv(conf); > bm->patlen = len; > bm->pattern = (u8 *) bm->good_shift + prefix_tbl_len; > - compute_prefix_tbl(bm, pattern, len); > memcpy(bm->pattern, pattern, len); > + compute_prefix_tbl(bm, pattern, len); Good catch, thanks. But since both pattern and len are also passed to compute_prefix_tbl as arguments, I think we should either make it use only those arguments, or remove those arguments and use only the values from struct ts_bm. Please send a new patch and add a Signed-off-by line so I can apply it. Thanks. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] Boyer Moore textsearch bug fix 2006-08-17 13:39 ` Patrick McHardy @ 2006-08-17 14:25 ` Pablo Neira Ayuso 2006-08-17 14:27 ` Patrick McHardy 2006-08-17 14:46 ` Michael Rash 1 sibling, 1 reply; 6+ messages in thread From: Pablo Neira Ayuso @ 2006-08-17 14:25 UTC (permalink / raw) To: Patrick McHardy; +Cc: Michael Rash, netfilter-devel Patrick McHardy wrote: > Michael Rash wrote: > >>--- linux-2.6.17.8/lib/ts_bm.c.orig 2006-08-16 21:17:38.000000000 -0400 >>+++ linux-2.6.17.8/lib/ts_bm.c 2006-08-16 21:17:56.000000000 -0400 >>@@ -151,8 +151,8 @@ >> bm = ts_config_priv(conf); >> bm->patlen = len; >> bm->pattern = (u8 *) bm->good_shift + prefix_tbl_len; >>- compute_prefix_tbl(bm, pattern, len); >> memcpy(bm->pattern, pattern, len); >>+ compute_prefix_tbl(bm, pattern, len); > > > > Good catch, thanks. But since both pattern and len are also passed > to compute_prefix_tbl as arguments, I think we should either make > it use only those arguments, or remove those arguments and use only > the values from struct ts_bm. Damn, that is my fault, thanks for the catch Michael. > Please send a new patch and add a Signed-off-by line so I can > apply it. Thanks. Patrick, do you plan to pass this patch to -stable as well? -- The dawn of the fourth age of Linux firewalling is coming; a time of great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] Boyer Moore textsearch bug fix 2006-08-17 14:25 ` Pablo Neira Ayuso @ 2006-08-17 14:27 ` Patrick McHardy 0 siblings, 0 replies; 6+ messages in thread From: Patrick McHardy @ 2006-08-17 14:27 UTC (permalink / raw) To: Pablo Neira Ayuso; +Cc: Michael Rash, netfilter-devel Pablo Neira Ayuso wrote: > Patrick, do you plan to pass this patch to -stable as well? Not yet, but I can do that. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] Boyer Moore textsearch bug fix 2006-08-17 13:39 ` Patrick McHardy 2006-08-17 14:25 ` Pablo Neira Ayuso @ 2006-08-17 14:46 ` Michael Rash 2006-08-17 15:43 ` Patrick McHardy 1 sibling, 1 reply; 6+ messages in thread From: Michael Rash @ 2006-08-17 14:46 UTC (permalink / raw) To: Patrick McHardy; +Cc: Michael Rash, netfilter-devel, Pablo Neira Ayuso On Aug 17, 2006, Patrick McHardy wrote: > Michael Rash wrote: > > --- linux-2.6.17.8/lib/ts_bm.c.orig 2006-08-16 21:17:38.000000000 -0400 > > +++ linux-2.6.17.8/lib/ts_bm.c 2006-08-16 21:17:56.000000000 -0400 > > @@ -151,8 +151,8 @@ > > bm = ts_config_priv(conf); > > bm->patlen = len; > > bm->pattern = (u8 *) bm->good_shift + prefix_tbl_len; > > - compute_prefix_tbl(bm, pattern, len); > > memcpy(bm->pattern, pattern, len); > > + compute_prefix_tbl(bm, pattern, len); > > > Good catch, thanks. But since both pattern and len are also passed > to compute_prefix_tbl as arguments, I think we should either make > it use only those arguments, or remove those arguments and use only > the values from struct ts_bm. > > Please send a new patch and add a Signed-off-by line so I can > apply it. Thanks. Got it. Here is a new patch. Thanks. --Mike Signed-off-by: Michael Rash <mbr@cipherdyne.org> --- linux-2.6.17.8/lib/ts_bm.c.orig 2006-08-16 21:17:38.000000000 -0400 +++ linux-2.6.17.8/lib/ts_bm.c 2006-08-17 10:35:25.000000000 -0400 @@ -112,15 +112,14 @@ return ret; } -static void compute_prefix_tbl(struct ts_bm *bm, const u8 *pattern, - unsigned int len) +static void compute_prefix_tbl(struct ts_bm *bm) { int i, j, g; for (i = 0; i < ASIZE; i++) - bm->bad_shift[i] = len; - for (i = 0; i < len - 1; i++) - bm->bad_shift[pattern[i]] = len - 1 - i; + bm->bad_shift[i] = bm->patlen; + for (i = 0; i < bm->patlen - 1; i++) + bm->bad_shift[bm->pattern[i]] = bm->patlen - 1 - i; /* Compute the good shift array, used to match reocurrences * of a subpattern */ @@ -151,8 +150,8 @@ bm = ts_config_priv(conf); bm->patlen = len; bm->pattern = (u8 *) bm->good_shift + prefix_tbl_len; - compute_prefix_tbl(bm, pattern, len); memcpy(bm->pattern, pattern, len); + compute_prefix_tbl(bm); return conf; } ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] Boyer Moore textsearch bug fix 2006-08-17 14:46 ` Michael Rash @ 2006-08-17 15:43 ` Patrick McHardy 0 siblings, 0 replies; 6+ messages in thread From: Patrick McHardy @ 2006-08-17 15:43 UTC (permalink / raw) To: Michael Rash; +Cc: netfilter-devel, Pablo Neira Ayuso Michael Rash wrote: > Got it. Here is a new patch. Thanks. Applied, thanks Michael. ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2006-08-17 15:43 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2006-08-17 3:16 [PATCH] Boyer Moore textsearch bug fix Michael Rash 2006-08-17 13:39 ` Patrick McHardy 2006-08-17 14:25 ` Pablo Neira Ayuso 2006-08-17 14:27 ` Patrick McHardy 2006-08-17 14:46 ` Michael Rash 2006-08-17 15:43 ` Patrick McHardy
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.