From: Jeremy Sowden <jeremy@azazel.net>
To: Phil Sutter <phil@nwl.cc>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>, netfilter-devel@vger.kernel.org
Subject: Re: [iptables PATCH] Unbreak xtables-translate
Date: Sun, 7 Nov 2021 16:03:32 +0000 [thread overview]
Message-ID: <YYf41EwPa8YBKNpY@azazel.net> (raw)
In-Reply-To: <20211106204544.13136-1-phil@nwl.cc>
[-- Attachment #1: Type: text/plain, Size: 1573 bytes --]
On 2021-11-06, at 21:45:44 +0100, Phil Sutter wrote:
> Fixed commit broke xtables-translate which still relied upon
> do_parse() to properly initialize the passed iptables_command_state
> reference. To allow for callers to preset fields, this doesn't happen
> anymore so do_command_xlate() has to initialize itself. Otherwise
> garbage from stack is read leading to segfaults and program aborts.
>
> Although init_cs callback is used by arptables only and
> arptables-translate has not been implemented, do call it if set just
> to avoid future issues.
>
> Fixes: cfdda18044d81 ("nft-shared: Introduce init_cs family ops callback")
> Signed-off-by: Phil Sutter <phil@nwl.cc>
> ---
> iptables/xtables-translate.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
> index 086b85d2f9cef..e2948c5009dd6 100644
> --- a/iptables/xtables-translate.c
> +++ b/iptables/xtables-translate.c
> @@ -253,11 +253,18 @@ static int do_command_xlate(struct nft_handle *h, int argc, char *argv[],
> .restore = restore,
> .xlate = true,
> };
> - struct iptables_command_state cs;
> + struct iptables_command_state cs = {
> + .jumpto = "",
> + .argv = argv,
> + };
No need to initialize .jumpto explicitly: initializing .argv will
zero-initialize all the other members.
> +
> struct xtables_args args = {
> .family = h->family,
> };
>
> + if (h->ops->init_cs)
> + h->ops->init_cs(&cs);
> +
> do_parse(h, argc, argv, &p, &cs, &args);
>
> cs.restore = restore;
> --
> 2.33.0
>
>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2021-11-07 16:03 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-06 20:45 [iptables PATCH] Unbreak xtables-translate Phil Sutter
2021-11-07 16:03 ` Jeremy Sowden [this message]
2021-11-07 16:07 ` Jeremy Sowden
2021-11-08 11:21 ` Phil Sutter
2021-11-08 11:02 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YYf41EwPa8YBKNpY@azazel.net \
--to=jeremy@azazel.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=phil@nwl.cc \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.