From: Jan Engelhardt <jengelh@medozas.de>
To: kaber@trash.net
Cc: netfilter-devel@vger.kernel.org
Subject: [PATCH 1/6] libxtables: properly reject empty hostnames
Date: Sun, 10 Jul 2011 20:22:13 +0200 [thread overview]
Message-ID: <1310322139-28505-2-git-send-email-jengelh@medozas.de> (raw)
In-Reply-To: <1310322139-28505-1-git-send-email-jengelh@medozas.de>
An empty hostname in the address list of an -s/-d argument, which may
be the result of a typo, is interpreted as 0/0, which, when combined
with -j ACCEPT, leads to an undesired opening of the firewall.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=727
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
iptables/xtables.c | 46 ++++++++++++++++++++--------------------------
1 files changed, 20 insertions(+), 26 deletions(-)
diff --git a/iptables/xtables.c b/iptables/xtables.c
index c4b1c2a..3b17395 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -1299,7 +1299,7 @@ void xtables_ipparse_multiple(const char *name, struct in_addr **addrpp,
struct in_addr **maskpp, unsigned int *naddrs)
{
struct in_addr *addrp;
- char buf[256], *p;
+ char buf[256], *p, *next;
unsigned int len, i, j, n, count = 1;
const char *loop = name;
@@ -1314,23 +1314,17 @@ void xtables_ipparse_multiple(const char *name, struct in_addr **addrpp,
loop = name;
for (i = 0; i < count; ++i) {
- if (loop == NULL)
- break;
- if (*loop == ',')
- ++loop;
- if (*loop == '\0')
- break;
- p = strchr(loop, ',');
- if (p != NULL)
- len = p - loop;
+ next = strchr(loop, ',');
+ if (next != NULL)
+ len = next - loop;
else
len = strlen(loop);
- if (len == 0 || sizeof(buf) - 1 < len)
- break;
+ if (len > sizeof(buf) - 1)
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "Hostname too long");
strncpy(buf, loop, len);
buf[len] = '\0';
- loop += len;
if ((p = strrchr(buf, '/')) != NULL) {
*p = '\0';
addrp = parse_ipmask(p + 1);
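Review bot: The explicit `len == 0` guard is dropped at the `if (len > sizeof(buf) - 1)` line, so an empty element (a trailing comma or `,,`) now yields `buf` equal to `""` and is handed to the host/network parsing further down; whether it is rejected, as the subject promises, therefore depends on that downstream parser refusing an empty string, which is outside this hunk and cannot be confirmed here. Keeping the rejection in the list parser itself makes the intent self-evident and independent of the resolver path: `if (len == 0) xt_params->exit_err(PARAMETER_PROBLEM, "Empty hostname in address list");` placed before the length check. The removed `loop == NULL` check also looked defensive only, since `loop` is assigned from `name` just above, but the new code calls `strchr(loop, ',')` unconditionally, so a NULL `name` would now crash if any caller ever passes one. The same applies to the IPv6 hunk at `@@ -1631,23 +1628,17 @@`. The body of xtables_ipparse_multiple continues outside the hunk.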
@@ -1368,6 +1362,9 @@ void xtables_ipparse_multiple(const char *name, struct in_addr **addrpp,
}
/* free what ipparse_hostnetwork had allocated: */
free(addrp);
+ if (next == NULL)
+ break;
+ loop = next + 1;
}
*naddrs = count;
for (i = 0; i < count; ++i)
@@ -1616,7 +1613,7 @@ xtables_ip6parse_multiple(const char *name, struct in6_addr **addrpp,
{
static const struct in6_addr zero_addr;
struct in6_addr *addrp;
- char buf[256], *p;
+ char buf[256], *p, *next;
unsigned int len, i, j, n, count = 1;
const char *loop = name;
@@ -1631,23 +1628,17 @@ xtables_ip6parse_multiple(const char *name, struct in6_addr **addrpp,
loop = name;
for (i = 0; i < count /*NB: count can grow*/; ++i) {
- if (loop == NULL)
- break;
- if (*loop == ',')
- ++loop;
- if (*loop == '\0')
- break;
- p = strchr(loop, ',');
- if (p != NULL)
- len = p - loop;
+ next = strchr(loop, ',');
+ if (next != NULL)
+ len = next - loop;
else
len = strlen(loop);
- if (len == 0 || sizeof(buf) - 1 < len)
- break;
+ if (len > sizeof(buf) - 1)
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "Hostname too long");
strncpy(buf, loop, len);
buf[len] = '\0';
- loop += len;
if ((p = strrchr(buf, '/')) != NULL) {
*p = '\0';
addrp = parse_ip6mask(p + 1);
@@ -1681,6 +1672,9 @@ xtables_ip6parse_multiple(const char *name, struct in6_addr **addrpp,
}
/* free what ip6parse_hostnetwork had allocated: */
free(addrp);
+ if (next == NULL)
+ break;
+ loop = next + 1;
}
*naddrs = count;
for (i = 0; i < count; ++i)
--
1.7.3.4