From: Patrick McHardy <kaber@trash.net>
To: andrei.popa@i-neo.ro
Cc: netfilter-devel@vger.kernel.org, Pablo Neira Ayuso <pablo@netfilter.org>
Subject: Re: [oops] in text matching
Date: Tue, 13 Nov 2007 07:56:58 +0100 [thread overview]
Message-ID: <47394ABA.3070109@trash.net> (raw)
In-Reply-To: <1194936719.10588.0.camel@ierdnac>
Andrei Popa wrote:
> On Sat, 2007-11-10 at 13:57 +0100, Patrick McHardy wrote:
>> Andrei Popa wrote:
>>> The oops is reproducible by this script (yyy are some IP addresses):
>>>
>>> ...
>>> #$IPT -I INPUT -p tcp --dport 80 -m string --algo bm --string "$MyNick"
>>> -j DROP
>>
>> I could reproduce it with an empty string - is $MyNick defined?
>
> it's not defined.
>
>> Please try this patch.
>
> it's ok now:
>
> test ~ # iptables -I INPUT -p tcp --dport 80 -m string --algo bm
> --string "$MyNick" -j DROP
> iptables: Invalid argument
Thanks, thats whats expected. The patch is suboptimal though
since it should really allow patterns of length zero. Pablo,
the naive approach would be to ignore patlen == 0 in the
initialization path and return the current position in bm_find().
But I'm guessing there's a better way to handle this case,
could you look into this please? Thanks.
>
>> plain text document attachment (x)
>> diff --git a/lib/ts_bm.c b/lib/ts_bm.c
>> index d90822c..5adb3ff 100644
>> --- a/lib/ts_bm.c
>> +++ b/lib/ts_bm.c
>> @@ -142,6 +142,9 @@ static struct ts_config *bm_init(const void *pattern, unsigned int len,
>> unsigned int prefix_tbl_len = len * sizeof(unsigned int);
>> size_t priv_size = sizeof(*bm) + len + prefix_tbl_len;
>>
>> + if (len == 0)
>> + return ERR_PTR(-EINVAL);
>> +
>> conf = alloc_ts_config(priv_size, gfp_mask);
>> if (IS_ERR(conf))
>> return conf;
>
next prev parent reply other threads:[~2007-11-13 6:57 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-11-08 12:40 [oops] in text matching Andrei Popa
2007-11-08 13:32 ` Patrick McHardy
2007-11-08 18:50 ` Andrei Popa
2007-11-08 18:53 ` Andrei Popa
2007-11-08 19:06 ` Andrei Popa
2007-11-10 12:57 ` Patrick McHardy
2007-11-13 6:51 ` Andrei Popa
2007-11-13 6:56 ` Patrick McHardy [this message]
2007-11-25 15:38 ` Patrick McHardy
2007-11-25 19:30 ` Pablo Neira Ayuso
2007-11-26 7:43 ` Patrick McHardy
2007-11-28 17:07 ` Pablo Neira Ayuso
2007-11-28 18:38 ` Patrick McHardy
2007-11-29 23:51 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47394ABA.3070109@trash.net \
--to=kaber@trash.net \
--cc=andrei.popa@i-neo.ro \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.