* [PATCH] netfilter fix for 3.6-rc7
@ 2012-09-25 23:34 pablo
2012-09-25 23:34 ` [PATCH] netfilter: xt_limit: have r->cost != 0 case work pablo
2012-09-27 17:16 ` [PATCH] netfilter fix for 3.6-rc7 David Miller
0 siblings, 2 replies; 3+ messages in thread
From: pablo @ 2012-09-25 23:34 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
From: Pablo Neira Ayuso <pablo@netfilter.org>
Hi David,
If time allows, I'd appreciate if you can take the following fix
for the xt_limit match.
As Jan indicates, random things may occur while using the xt_limit
match due to use of uninitialized memory.
You can pull this change from:
git://1984.lsi.us.es/nf master
Thanks!
Jan Engelhardt (1):
netfilter: xt_limit: have r->cost != 0 case work
net/netfilter/xt_limit.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--
1.7.10.4
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH] netfilter: xt_limit: have r->cost != 0 case work
2012-09-25 23:34 [PATCH] netfilter fix for 3.6-rc7 pablo
@ 2012-09-25 23:34 ` pablo
2012-09-27 17:16 ` [PATCH] netfilter fix for 3.6-rc7 David Miller
1 sibling, 0 replies; 3+ messages in thread
From: pablo @ 2012-09-25 23:34 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
From: Jan Engelhardt <jengelh@inai.de>
Commit v2.6.19-rc1~1272^2~41 tells us that r->cost != 0 can happen when
a running state is saved to userspace and then reinstated from there.
Make sure that private xt_limit area is initialized with correct values.
Otherwise, random matchings due to use of uninitialized memory.
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/xt_limit.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/net/netfilter/xt_limit.c b/net/netfilter/xt_limit.c
index 5c22ce8..a4c1e45 100644
--- a/net/netfilter/xt_limit.c
+++ b/net/netfilter/xt_limit.c
@@ -117,11 +117,11 @@ static int limit_mt_check(const struct xt_mtchk_param *par)
/* For SMP, we only want to use one set of state. */
r->master = priv;
+ /* User avg in seconds * XT_LIMIT_SCALE: convert to jiffies *
+ 128. */
+ priv->prev = jiffies;
+ priv->credit = user2credits(r->avg * r->burst); /* Credits full. */
if (r->cost == 0) {
- /* User avg in seconds * XT_LIMIT_SCALE: convert to jiffies *
- 128. */
- priv->prev = jiffies;
- priv->credit = user2credits(r->avg * r->burst); /* Credits full. */
r->credit_cap = priv->credit; /* Credits full. */
r->cost = user2credits(r->avg);
}
--
1.7.10.4
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH] netfilter fix for 3.6-rc7
2012-09-25 23:34 [PATCH] netfilter fix for 3.6-rc7 pablo
2012-09-25 23:34 ` [PATCH] netfilter: xt_limit: have r->cost != 0 case work pablo
@ 2012-09-27 17:16 ` David Miller
1 sibling, 0 replies; 3+ messages in thread
From: David Miller @ 2012-09-27 17:16 UTC (permalink / raw)
To: pablo; +Cc: netfilter-devel, netdev
From: pablo@netfilter.org
Date: Wed, 26 Sep 2012 01:34:10 +0200
> If time allows, I'd appreciate if you can take the following fix
> for the xt_limit match.
>
> As Jan indicates, random things may occur while using the xt_limit
> match due to use of uninitialized memory.
>
> You can pull this change from:
>
> git://1984.lsi.us.es/nf master
Pulled, thanks.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-09-27 17:16 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-09-25 23:34 [PATCH] netfilter fix for 3.6-rc7 pablo
2012-09-25 23:34 ` [PATCH] netfilter: xt_limit: have r->cost != 0 case work pablo
2012-09-27 17:16 ` [PATCH] netfilter fix for 3.6-rc7 David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).