* [PATCH iptables-compat 1/2] iptables-compat: nft: use nft_batch_begin and nft_batch_end from libnftnl
@ 2014-09-30 17:35 Pablo Neira Ayuso
From: Pablo Neira Ayuso @ 2014-09-30 17:35 UTC (permalink / raw)
To: netfilter-devel
Use the existing functions in libnftnl to begin and end a batch.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
iptables/nft.c | 26 +++++---------------------
1 file changed, 5 insertions(+), 21 deletions(-)
diff --git a/iptables/nft.c b/iptables/nft.c
index e3b07e0..8c91e99 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -240,34 +240,18 @@ static int mnl_nft_batch_talk(struct nft_handle *h)
return err ? -1 : 0;
}
-static void mnl_nft_batch_put(struct mnl_nlmsg_batch *batch, int type,
- uint32_t seq)
+static void mnl_nft_batch_begin(struct mnl_nlmsg_batch *batch, uint32_t seq)
{
- struct nlmsghdr *nlh;
- struct nfgenmsg *nfg;
-
- nlh = mnl_nlmsg_put_header(mnl_nlmsg_batch_current(batch));
- nlh->nlmsg_type = type;
- nlh->nlmsg_flags = NLM_F_REQUEST;
- nlh->nlmsg_seq = seq;
-
- nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg));
- nfg->nfgen_family = AF_INET;
- nfg->version = NFNETLINK_V0;
- nfg->res_id = NFNL_SUBSYS_NFTABLES;
-
+ nft_batch_begin(mnl_nlmsg_batch_current(batch), seq);
if (!mnl_nlmsg_batch_next(batch))
mnl_nft_batch_page_add(batch);
}
-static void mnl_nft_batch_begin(struct mnl_nlmsg_batch *batch, uint32_t seq)
-{
- mnl_nft_batch_put(batch, NFNL_MSG_BATCH_BEGIN, seq);
-}
-
static void mnl_nft_batch_end(struct mnl_nlmsg_batch *batch, uint32_t seq)
{
- mnl_nft_batch_put(batch, NFNL_MSG_BATCH_END, seq);
+ nft_batch_end(mnl_nlmsg_batch_current(batch), seq);
+ if (!mnl_nlmsg_batch_next(batch))
+ mnl_nft_batch_page_add(batch);
}
enum obj_update_type {
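Review bot: The page-advance step `if (!mnl_nlmsg_batch_next(batch)) mnl_nft_batch_page_add(batch);` is now written out twice, in mnl_nft_batch_begin and again in mnl_nft_batch_end, whereas the removed mnl_nft_batch_put held it once; a three-line static helper such as `static void mnl_nft_batch_advance(struct mnl_nlmsg_batch *batch) { if (!mnl_nlmsg_batch_next(batch)) mnl_nft_batch_page_add(batch); }` called from both keeps the paging logic in one place. The hunk also drops the explicit header fill (NLM_F_REQUEST, AF_INET, NFNETLINK_V0, NFNL_SUBSYS_NFTABLES) in favour of the libnftnl calls, so the change is behaviour-preserving only if nft_batch_begin/nft_batch_end populate nfgenmsg the same way, which nothing in this hunk shows; a one-line comment above mnl_nft_batch_begin, `/* Header layout now comes from libnftnl's nft_batch_begin(); advance to a fresh page when the current one is full. */`, would record that dependency for the next reader.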
--
1.7.10.4
* [PATCH iptables-compat 2/2] iptables-compat: fix use after free in the batch send path
@ 2014-09-30 17:35 ` Pablo Neira Ayuso
From: Pablo Neira Ayuso @ 2014-09-30 17:35 UTC (permalink / raw)
To: netfilter-devel
Release the batch pages once they have been sent via sendmsg().
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
iptables/nft.c | 27 +++++++++++++++++++--------
1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/iptables/nft.c b/iptables/nft.c
index 8c91e99..a4cea22 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -142,6 +142,18 @@ static void mnl_nft_set_sndbuffer(const struct mnl_socket *nl)
nlbuffsiz = newbuffsiz;
}
+static void mnl_nft_batch_reset(void)
+{
+ struct batch_page *batch_page, *next;
+
+ list_for_each_entry_safe(batch_page, next, &batch_page_list, head) {
+ list_del(&batch_page->head);
+ free(batch_page->batch);
+ free(batch_page);
+ batch_num_pages--;
+ }
+}
+
static ssize_t mnl_nft_socket_sendmsg(const struct mnl_socket *nl)
{
static const struct sockaddr_nl snl = {
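Review bot: mnl_nft_batch_reset has no comment stating its ordering constraint, yet it frees the very buffers the sendmsg() iov in mnl_nft_socket_sendmsg points into, so it is only safe to call once the kernel has consumed them. Suggest `/* Free every queued batch page and bring batch_num_pages back to zero. Must not run while an iov still references the pages (i.e. only after sendmsg() has returned). */` above the definition. Decrementing batch_num_pages once per freed page rather than zeroing it after the loop is fine, but the invariant that it reads 0 on return is worth stating in that comment since callers appear to rely on it for msg_iovlen.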
@@ -154,12 +166,12 @@ static ssize_t mnl_nft_socket_sendmsg(const struct mnl_socket *nl)
.msg_iov = iov,
.msg_iovlen = batch_num_pages,
};
- struct batch_page *batch_page, *next;
- int i = 0;
+ struct batch_page *batch_page;
+ int i = 0, ret;
mnl_nft_set_sndbuffer(nl);
- list_for_each_entry_safe(batch_page, next, &batch_page_list, head) {
+ list_for_each_entry(batch_page, &batch_page_list, head) {
iov[i].iov_base = mnl_nlmsg_batch_head(batch_page->batch);
iov[i].iov_len = mnl_nlmsg_batch_size(batch_page->batch);
i++;
@@ -169,13 +181,12 @@ static ssize_t mnl_nft_socket_sendmsg(const struct mnl_socket *nl)
mnl_nlmsg_batch_size(batch_page->batch),
sizeof(struct nfgenmsg));
#endif
- list_del(&batch_page->head);
- free(batch_page->batch);
- free(batch_page);
- batch_num_pages--;
}
- return sendmsg(mnl_socket_get_fd(nl), &msg, 0);
+ ret = sendmsg(mnl_socket_get_fd(nl), &msg, 0);
+ mnl_nft_batch_reset();
+
+ return ret;
}
static int cb_err(const struct nlmsghdr *nlh, void *data)
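Review bot: On the sendmsg() failure path mnl_nft_batch_reset() now runs between the syscall and the return, so any errno the caller wants to inspect (mnl_nft_batch_talk is outside this hunk) can be overwritten by the free() calls made during the reset; preserve it around the call: `int saved_errno = errno;` / `mnl_nft_batch_reset();` / `errno = saved_errno;` before `return ret;`. The use-after-free fix itself is right, since the iov entries built in the loop above point into the pages and can only be released after sendmsg() has returned; a comment on the reset call, `/* iov references the pages; release them only after sendmsg() is done */`, would make that ordering explicit. The same hunk's `int i = 0, ret;` leaves ret unassigned until the sendmsg() line, which is fine here but reads more clearly as `ssize_t ret = sendmsg(...)` declared at the point of use, matching the function's ssize_t return type instead of narrowing through int.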
--
1.7.10.4