* [iptables PATCH] Unbreak xtables-translate
@ 2021-11-06 20:45 Phil Sutter
2021-11-07 16:03 ` Jeremy Sowden
2021-11-08 11:02 ` Pablo Neira Ayuso
0 siblings, 2 replies; 5+ messages in thread
From: Phil Sutter @ 2021-11-06 20:45 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
Fixed commit broke xtables-translate which still relied upon do_parse()
to properly initialize the passed iptables_command_state reference. To
allow for callers to preset fields, this doesn't happen anymore so
do_command_xlate() has to initialize itself. Otherwise garbage from
stack is read leading to segfaults and program aborts.
Although init_cs callback is used by arptables only and
arptables-translate has not been implemented, do call it if set just to
avoid future issues.
Fixes: cfdda18044d81 ("nft-shared: Introduce init_cs family ops callback")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
iptables/xtables-translate.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index 086b85d2f9cef..e2948c5009dd6 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -253,11 +253,18 @@ static int do_command_xlate(struct nft_handle *h, int argc, char *argv[],
.restore = restore,
.xlate = true,
};
- struct iptables_command_state cs;
+ struct iptables_command_state cs = {
+ .jumpto = "",
+ .argv = argv,
+ };
+
struct xtables_args args = {
.family = h->family,
};
+ if (h->ops->init_cs)
+ h->ops->init_cs(&cs);
+
do_parse(h, argc, argv, &p, &cs, &args);
cs.restore = restore;
--
2.33.0
^ permalink raw reply related [flat|nested] 5+ messages in thread* Re: [iptables PATCH] Unbreak xtables-translate
2021-11-06 20:45 [iptables PATCH] Unbreak xtables-translate Phil Sutter
@ 2021-11-07 16:03 ` Jeremy Sowden
2021-11-07 16:07 ` Jeremy Sowden
2021-11-08 11:02 ` Pablo Neira Ayuso
1 sibling, 1 reply; 5+ messages in thread
From: Jeremy Sowden @ 2021-11-07 16:03 UTC (permalink / raw)
To: Phil Sutter; +Cc: Pablo Neira Ayuso, netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 1573 bytes --]
On 2021-11-06, at 21:45:44 +0100, Phil Sutter wrote:
> Fixed commit broke xtables-translate which still relied upon
> do_parse() to properly initialize the passed iptables_command_state
> reference. To allow for callers to preset fields, this doesn't happen
> anymore so do_command_xlate() has to initialize itself. Otherwise
> garbage from stack is read leading to segfaults and program aborts.
>
> Although init_cs callback is used by arptables only and
> arptables-translate has not been implemented, do call it if set just
> to avoid future issues.
>
> Fixes: cfdda18044d81 ("nft-shared: Introduce init_cs family ops callback")
> Signed-off-by: Phil Sutter <phil@nwl.cc>
> ---
> iptables/xtables-translate.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
> index 086b85d2f9cef..e2948c5009dd6 100644
> --- a/iptables/xtables-translate.c
> +++ b/iptables/xtables-translate.c
> @@ -253,11 +253,18 @@ static int do_command_xlate(struct nft_handle *h, int argc, char *argv[],
> .restore = restore,
> .xlate = true,
> };
> - struct iptables_command_state cs;
> + struct iptables_command_state cs = {
> + .jumpto = "",
> + .argv = argv,
> + };
No need to initialize .jumpto explicitly: initializing .argv will
zero-initialize all the other members.
> +
> struct xtables_args args = {
> .family = h->family,
> };
>
> + if (h->ops->init_cs)
> + h->ops->init_cs(&cs);
> +
> do_parse(h, argc, argv, &p, &cs, &args);
>
> cs.restore = restore;
> --
> 2.33.0
>
>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [iptables PATCH] Unbreak xtables-translate
2021-11-07 16:03 ` Jeremy Sowden
@ 2021-11-07 16:07 ` Jeremy Sowden
2021-11-08 11:21 ` Phil Sutter
0 siblings, 1 reply; 5+ messages in thread
From: Jeremy Sowden @ 2021-11-07 16:07 UTC (permalink / raw)
To: Phil Sutter; +Cc: Pablo Neira Ayuso, netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 1813 bytes --]
On 2021-11-07, at 16:03:38 +0000, Jeremy Sowden wrote:
> On 2021-11-06, at 21:45:44 +0100, Phil Sutter wrote:
> > Fixed commit broke xtables-translate which still relied upon
> > do_parse() to properly initialize the passed iptables_command_state
> > reference. To allow for callers to preset fields, this doesn't
> > happen anymore so do_command_xlate() has to initialize itself.
> > Otherwise garbage from stack is read leading to segfaults and
> > program aborts.
> >
> > Although init_cs callback is used by arptables only and
> > arptables-translate has not been implemented, do call it if set just
> > to avoid future issues.
> >
> > Fixes: cfdda18044d81 ("nft-shared: Introduce init_cs family ops callback")
> > Signed-off-by: Phil Sutter <phil@nwl.cc>
> > ---
> > iptables/xtables-translate.c | 9 ++++++++-
> > 1 file changed, 8 insertions(+), 1 deletion(-)
> >
> > diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
> > index 086b85d2f9cef..e2948c5009dd6 100644
> > --- a/iptables/xtables-translate.c
> > +++ b/iptables/xtables-translate.c
> > @@ -253,11 +253,18 @@ static int do_command_xlate(struct nft_handle *h, int argc, char *argv[],
> > .restore = restore,
> > .xlate = true,
> > };
> > - struct iptables_command_state cs;
> > + struct iptables_command_state cs = {
> > + .jumpto = "",
> > + .argv = argv,
> > + };
>
> No need to initialize .jumpto explicitly: initializing .argv will
> zero-initialize all the other members.
Apologies, I'm talking nonsense: .jumpto is a pointer, not an array.
Ignore me. :)
> > +
> > struct xtables_args args = {
> > .family = h->family,
> > };
> >
> > + if (h->ops->init_cs)
> > + h->ops->init_cs(&cs);
> > +
> > do_parse(h, argc, argv, &p, &cs, &args);
> >
> > cs.restore = restore;
> > --
> > 2.33.0
> >
> >
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [iptables PATCH] Unbreak xtables-translate
2021-11-07 16:07 ` Jeremy Sowden
@ 2021-11-08 11:21 ` Phil Sutter
0 siblings, 0 replies; 5+ messages in thread
From: Phil Sutter @ 2021-11-08 11:21 UTC (permalink / raw)
To: Jeremy Sowden; +Cc: Pablo Neira Ayuso, netfilter-devel
Hey Jeremy,
On Sun, Nov 07, 2021 at 04:07:27PM +0000, Jeremy Sowden wrote:
[...]
> Apologies, I'm talking nonsense: .jumpto is a pointer, not an array.
> Ignore me. :)
I wondered at first, but indeed assigning an empty string to an array is
identical to setting all fields zero. :)
Thanks for the review!
Cheers, Phil
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [iptables PATCH] Unbreak xtables-translate
2021-11-06 20:45 [iptables PATCH] Unbreak xtables-translate Phil Sutter
2021-11-07 16:03 ` Jeremy Sowden
@ 2021-11-08 11:02 ` Pablo Neira Ayuso
1 sibling, 0 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2021-11-08 11:02 UTC (permalink / raw)
To: Phil Sutter; +Cc: netfilter-devel
On Sat, Nov 06, 2021 at 09:45:44PM +0100, Phil Sutter wrote:
> Fixed commit broke xtables-translate which still relied upon do_parse()
> to properly initialize the passed iptables_command_state reference. To
> allow for callers to preset fields, this doesn't happen anymore so
> do_command_xlate() has to initialize itself. Otherwise garbage from
> stack is read leading to segfaults and program aborts.
>
> Although init_cs callback is used by arptables only and
> arptables-translate has not been implemented, do call it if set just to
> avoid future issues.
>
> Fixes: cfdda18044d81 ("nft-shared: Introduce init_cs family ops callback")
> Signed-off-by: Phil Sutter <phil@nwl.cc>
Tested-by: Pablo Neira Ayuso <pablo@netfilter.org>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-11-08 11:21 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-11-06 20:45 [iptables PATCH] Unbreak xtables-translate Phil Sutter
2021-11-07 16:03 ` Jeremy Sowden
2021-11-07 16:07 ` Jeremy Sowden
2021-11-08 11:21 ` Phil Sutter
2021-11-08 11:02 ` Pablo Neira Ayuso
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.