unused code in net/netfilter/ipset/ip_set_bitmap

public inbox for netdev@vger.kernel.org
 help / color / mirror / Atom feed

* unused code in net/netfilter/ipset/ip_set_bitmap_ipmac.c
@ 2016-02-29 11:14 Julia Lawall
  2016-02-29 11:23 ` Jozsef Kadlecsik
  0 siblings, 1 reply; 3+ messages in thread
From: Julia Lawall @ 2016-02-29 11:14 UTC (permalink / raw)
  To: Pablo Neira Ayuso, Patrick McHardy, Jozsef Kadlecsik,
	David S. Miller, netfilter-devel, coreteam, netdev, linux-kernel
  Cc: Daniel Borkmann

The file net/netfilter/ipset/ip_set_bitmap_ipmac.c seems to contain a lot
of static functions that are not used in the file:

bitmap_ipmac_add_timeout
bitmap_ipmac_do_add
bitmap_ipmac_do_del
bitmap_ipmac_do_head
bitmap_ipmac_do_list
bitmap_ipmac_do_test
bitmap_ipmac_gc_test
bitmap_ipmac_is_filled
bitmap_ipmac_kadt
bitmap_ipmac_same_set
bitmap_ipmac_uadt

Have I overooked something?

I was looking at this code, with Daniel Borkmann, because there seems to
be a bug in the function bitmap_ipmac_uadt:

	if (tb[IPSET_ATTR_ETHER]) {
                memcpy(e.ether, nla_data(tb[IPSET_ATTR_ETHER]), ETH_ALEN);
                e.add_mac = 1;
        }

Later in the same file, there is:

static struct ip_set_type bitmap_ipmac_type = {
	...
        .adt_policy     = {
		...
		[IPSET_ATTR_ETHER]      = { .type = NLA_BINARY,
                                            .len  = ETH_ALEN },
		...},
	...
};

The type NLA_BINARY indicates that the length is a maximum possible
length, and thus a check of the actual length is needed before the memcpy.

The file net/netfilter/ipset/ip_set_hash_mac.c seems to have a similar
problem.  The following static functions are not used:

hash_mac4_data_equal
hash_mac4_data_list
hash_mac4_data_next
hash_mac4_kadt
hash_mac4_uadt

And the following code:

ether_addr_copy(e.ether, nla_data(tb[IPSET_ATTR_ETHER]));

in hash_mac4_uadt does not seem to have a check on the length, and the
field is defined in the same way as above.

julia

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: unused code in net/netfilter/ipset/ip_set_bitmap_ipmac.c
  2016-02-29 11:14 unused code in net/netfilter/ipset/ip_set_bitmap_ipmac.c Julia Lawall
@ 2016-02-29 11:23 ` Jozsef Kadlecsik
  2016-02-29 12:27   ` Julia Lawall
  0 siblings, 1 reply; 3+ messages in thread
From: Jozsef Kadlecsik @ 2016-02-29 11:23 UTC (permalink / raw)
  To: Julia Lawall
  Cc: Pablo Neira Ayuso, Patrick McHardy, David S. Miller,
	netfilter-devel, coreteam, netdev, linux-kernel, Daniel Borkmann

Hi,

On Mon, 29 Feb 2016, Julia Lawall wrote:

> The file net/netfilter/ipset/ip_set_bitmap_ipmac.c seems to contain a lot
> of static functions that are not used in the file:
> 
> bitmap_ipmac_add_timeout
> bitmap_ipmac_do_add
> bitmap_ipmac_do_del
> bitmap_ipmac_do_head
> bitmap_ipmac_do_list
> bitmap_ipmac_do_test
> bitmap_ipmac_gc_test
> bitmap_ipmac_is_filled
> bitmap_ipmac_kadt
> bitmap_ipmac_same_set
> bitmap_ipmac_uadt
> 
> Have I overooked something?

Yes: the file includes ip_set_bitmap_gen.h in which all those functions 
are used.
 
> I was looking at this code, with Daniel Borkmann, because there seems to
> be a bug in the function bitmap_ipmac_uadt:
> 
> 	if (tb[IPSET_ATTR_ETHER]) {
>                 memcpy(e.ether, nla_data(tb[IPSET_ATTR_ETHER]), ETH_ALEN);
>                 e.add_mac = 1;
>         }
> 
> Later in the same file, there is:
> 
> static struct ip_set_type bitmap_ipmac_type = {
> 	...
>         .adt_policy     = {
> 		...
> 		[IPSET_ATTR_ETHER]      = { .type = NLA_BINARY,
>                                             .len  = ETH_ALEN },
> 		...},
> 	...
> };
> 
> The type NLA_BINARY indicates that the length is a maximum possible
> length, and thus a check of the actual length is needed before the memcpy.

You are right here (and the similar spotting in ip_set_hash_mac.c) - I'll 
prepare a patch and submit it.

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: unused code in net/netfilter/ipset/ip_set_bitmap_ipmac.c
  2016-02-29 11:23 ` Jozsef Kadlecsik
@ 2016-02-29 12:27   ` Julia Lawall
  0 siblings, 0 replies; 3+ messages in thread
From: Julia Lawall @ 2016-02-29 12:27 UTC (permalink / raw)
  To: Jozsef Kadlecsik
  Cc: Julia Lawall, Pablo Neira Ayuso, Patrick McHardy, David S. Miller,
	netfilter-devel, coreteam, netdev, linux-kernel, Daniel Borkmann



On Mon, 29 Feb 2016, Jozsef Kadlecsik wrote:

> Hi,
>
> On Mon, 29 Feb 2016, Julia Lawall wrote:
>
> > The file net/netfilter/ipset/ip_set_bitmap_ipmac.c seems to contain a lot
> > of static functions that are not used in the file:
> >
> > bitmap_ipmac_add_timeout
> > bitmap_ipmac_do_add
> > bitmap_ipmac_do_del
> > bitmap_ipmac_do_head
> > bitmap_ipmac_do_list
> > bitmap_ipmac_do_test
> > bitmap_ipmac_gc_test
> > bitmap_ipmac_is_filled
> > bitmap_ipmac_kadt
> > bitmap_ipmac_same_set
> > bitmap_ipmac_uadt
> >
> > Have I overooked something?
>
> Yes: the file includes ip_set_bitmap_gen.h in which all those functions
> are used.

OK, thanks.  I saw the incude, but I didn't sufficiently appreciate the
#defines at the beginning.  Thanks.

> > I was looking at this code, with Daniel Borkmann, because there seems to
> > be a bug in the function bitmap_ipmac_uadt:
> >
> > 	if (tb[IPSET_ATTR_ETHER]) {
> >                 memcpy(e.ether, nla_data(tb[IPSET_ATTR_ETHER]), ETH_ALEN);
> >                 e.add_mac = 1;
> >         }
> >
> > Later in the same file, there is:
> >
> > static struct ip_set_type bitmap_ipmac_type = {
> > 	...
> >         .adt_policy     = {
> > 		...
> > 		[IPSET_ATTR_ETHER]      = { .type = NLA_BINARY,
> >                                             .len  = ETH_ALEN },
> > 		...},
> > 	...
> > };
> >
> > The type NLA_BINARY indicates that the length is a maximum possible
> > length, and thus a check of the actual length is needed before the memcpy.
>
> You are right here (and the similar spotting in ip_set_hash_mac.c) - I'll
> prepare a patch and submit it.

Great.  Thanks.

julia

>
> Best regards,
> Jozsef
> -
> E-mail  : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
>           H-1525 Budapest 114, POB. 49, Hungary
>

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2016-02-29 12:27 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-02-29 11:14 unused code in net/netfilter/ipset/ip_set_bitmap_ipmac.c Julia Lawall
2016-02-29 11:23 ` Jozsef Kadlecsik
2016-02-29 12:27   ` Julia Lawall

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox