All of lore.kernel.org
 help / color / mirror / Atom feed
From: Olivier MATZ <olivier.matz@6wind.com>
To: netdev@vger.kernel.org, netfilter-devel@vger.kernel.org,
	Patrick McHardy <kaber@netfilter.org>
Subject: Re: [PATCH] sctp: chunkmap size is too large
Date: Mon, 02 Feb 2009 10:23:24 +0100	[thread overview]
Message-ID: <4986BB8C.5080503@6wind.com> (raw)
In-Reply-To: <4983200B.2080707@6wind.com>

[-- Attachment #1: Type: text/plain, Size: 487 bytes --]

Hi,

A file was missing in the previous patch. I think that
the size of chunkmapcopy in xt_sctp.c should also be
fixed.

I attached the new patch.

  include/linux/netfilter/xt_sctp.h       |   30 
++++++++++++++++--------------
  include/linux/netfilter_ipv4/ipt_sctp.h |   30 
++++++++++++++++--------------
  net/netfilter/xt_sctp.c                 |    2 +-
  3 files changed, 33 insertions(+), 29 deletions(-)

Signed-off-by: Olivier Matz <olivier.matz@6wind.com>

Thanks,
Olivier


[-- Attachment #2: linux_sctp_chunkmap_too_large_b.diff --]
[-- Type: text/x-patch, Size: 4524 bytes --]

diff -r 94166a3a38bd include/linux/netfilter/xt_sctp.h
--- a/include/linux/netfilter/xt_sctp.h	Sat Jan 31 15:56:23 2009 -0800
+++ b/include/linux/netfilter/xt_sctp.h	Mon Feb 02 10:18:51 2009 +0100
@@ -15,11 +15,13 @@
 
 #define XT_NUM_SCTP_FLAGS	4
 
+#define sizeof_bits(type) (sizeof(type) * 8)
+
 struct xt_sctp_info {
 	u_int16_t dpts[2];  /* Min, Max */
 	u_int16_t spts[2];  /* Min, Max */
 
-	u_int32_t chunkmap[256 / sizeof (u_int32_t)];  /* Bit mask of chunks to be matched according to RFC 2960 */
+	u_int32_t chunkmap[256 / sizeof_bits(u_int32_t)];  /* Bit mask of chunks to be matched according to RFC 2960 */
 
 #define SCTP_CHUNK_MATCH_ANY   0x01  /* Match if any of the chunk types are present */
 #define SCTP_CHUNK_MATCH_ALL   0x02  /* Match if all of the chunk types are present */
@@ -33,24 +35,24 @@
 	u_int32_t invflags;
 };
 
-#define bytes(type) (sizeof(type) * 8)
+#define SCTP_MODULO(chunktype, type) (chunktype & (sizeof_bits(type)-1))
 
-#define SCTP_CHUNKMAP_SET(chunkmap, type) 		\
-	do { 						\
-		(chunkmap)[type / bytes(u_int32_t)] |= 	\
-			1 << (type % bytes(u_int32_t));	\
+#define SCTP_CHUNKMAP_SET(chunkmap, chunktype)				\
+	do {								\
+		chunkmap[chunktype / sizeof_bits(u_int32_t)] |=		\
+			1 << SCTP_MODULO(chunktype, u_int32_t);		\
 	} while (0)
 
-#define SCTP_CHUNKMAP_CLEAR(chunkmap, type)		 	\
-	do {							\
-		(chunkmap)[type / bytes(u_int32_t)] &= 		\
-			~(1 << (type % bytes(u_int32_t)));	\
+#define SCTP_CHUNKMAP_CLEAR(chunkmap, chunktype)		 	\
+	do {								\
+		chunkmap[chunktype / sizeof_bits(u_int32_t)] &=		\
+			~(1 << SCTP_MODULO(chunktype, u_int32_t));	\
 	} while (0)
 
-#define SCTP_CHUNKMAP_IS_SET(chunkmap, type) 			\
-({								\
-	((chunkmap)[type / bytes (u_int32_t)] & 		\
-		(1 << (type % bytes (u_int32_t)))) ? 1: 0;	\
+#define SCTP_CHUNKMAP_IS_SET(chunkmap, chunktype) 			\
+({									\
+	(chunkmap[chunktype / sizeof_bits(u_int32_t)] &			\
+	 (1 << SCTP_MODULO(chunktype, u_int32_t))) ? 1 : 0;		\
 })
 
 #define SCTP_CHUNKMAP_RESET(chunkmap) \
diff -r 94166a3a38bd include/linux/netfilter_ipv4/ipt_sctp.h
--- a/include/linux/netfilter_ipv4/ipt_sctp.h	Sat Jan 31 15:56:23 2009 -0800
+++ b/include/linux/netfilter_ipv4/ipt_sctp.h	Mon Feb 02 10:18:51 2009 +0100
@@ -16,11 +16,13 @@
 
 #define IPT_NUM_SCTP_FLAGS	4
 
+#define sizeof_bits(type) (sizeof(type) * 8)
+
 struct ipt_sctp_info {
 	u_int16_t dpts[2];  /* Min, Max */
 	u_int16_t spts[2];  /* Min, Max */
 
-	u_int32_t chunkmap[256 / sizeof (u_int32_t)];  /* Bit mask of chunks to be matched according to RFC 2960 */
+	u_int32_t chunkmap[256 / sizeof_bits(u_int32_t)];  /* Bit mask of chunks to be matched according to RFC 2960 */
 
 #define SCTP_CHUNK_MATCH_ANY   0x01  /* Match if any of the chunk types are present */
 #define SCTP_CHUNK_MATCH_ALL   0x02  /* Match if all of the chunk types are present */
@@ -34,24 +36,24 @@
 	u_int32_t invflags;
 };
 
-#define bytes(type) (sizeof(type) * 8)
+#define SCTP_MODULO(chunktype, type) (chunktype & (sizeof_bits(type)-1))
 
-#define SCTP_CHUNKMAP_SET(chunkmap, type) 		\
-	do { 						\
-		chunkmap[type / bytes(u_int32_t)] |= 	\
-			1 << (type % bytes(u_int32_t));	\
+#define SCTP_CHUNKMAP_SET(chunkmap, chunktype)				\
+	do {								\
+		chunkmap[chunktype / sizeof_bits(u_int32_t)] |=		\
+			1 << SCTP_MODULO(chunktype, u_int32_t);		\
 	} while (0)
 
-#define SCTP_CHUNKMAP_CLEAR(chunkmap, type)		 	\
-	do {							\
-		chunkmap[type / bytes(u_int32_t)] &= 		\
-			~(1 << (type % bytes(u_int32_t)));	\
+#define SCTP_CHUNKMAP_CLEAR(chunkmap, chunktype)		 	\
+	do {								\
+		chunkmap[chunktype / sizeof_bits(u_int32_t)] &=		\
+			~(1 << SCTP_MODULO(chunktype, u_int32_t));	\
 	} while (0)
 
-#define SCTP_CHUNKMAP_IS_SET(chunkmap, type) 			\
-({								\
-	(chunkmap[type / bytes (u_int32_t)] & 			\
-		(1 << (type % bytes (u_int32_t)))) ? 1: 0;	\
+#define SCTP_CHUNKMAP_IS_SET(chunkmap, chunktype) 			\
+({									\
+	(chunkmap[chunktype / sizeof_bits(u_int32_t)] &			\
+	 (1 << SCTP_MODULO(chunktype, u_int32_t))) ? 1 : 0;		\
 })
 
 #define SCTP_CHUNKMAP_RESET(chunkmap) 				\
diff -r 94166a3a38bd net/netfilter/xt_sctp.c
--- a/net/netfilter/xt_sctp.c	Sat Jan 31 15:56:23 2009 -0800
+++ b/net/netfilter/xt_sctp.c	Mon Feb 02 10:18:51 2009 +0100
@@ -45,7 +45,7 @@
 	     const struct xt_sctp_info *info,
 	     bool *hotdrop)
 {
-	u_int32_t chunkmapcopy[256 / sizeof (u_int32_t)];
+	u_int32_t chunkmapcopy[256 / sizeof_bits(u_int32_t)];
 	const sctp_chunkhdr_t *sch;
 	sctp_chunkhdr_t _sch;
 	int chunk_match_type = info->chunk_match_type;

      parent reply	other threads:[~2009-02-02  9:23 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-01-30 15:43 [PATCH] sctp: chunkmap size is too large Olivier MATZ
2009-02-01  9:14 ` David Miller
2009-02-04 10:12   ` Jan Engelhardt
2009-02-09 13:50   ` Patrick McHardy
2009-02-02  9:23 ` Olivier MATZ [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4986BB8C.5080503@6wind.com \
    --to=olivier.matz@6wind.com \
    --cc=kaber@netfilter.org \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.