netfilter 04/05: xtables: compat out of scope fix

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, Patrick McHardy <kaber@trash.net>,
	netfilter-devel@vger.kernel.org
Subject: netfilter 04/05: xtables: compat out of scope fix
Date: Mon,  8 Feb 2010 18:10:31 +0100 (MET)	[thread overview]
Message-ID: <20100208171029.15522.33495.sendpatchset@x2.localnet> (raw)
In-Reply-To: <20100208171024.15522.8136.sendpatchset@x2.localnet>

commit dab1531a07ad7c5be4ebe715a3d08742f0c638e3
Author: Alexey Dobriyan <adobriyan@gmail.com>
Date:   Mon Feb 8 15:44:07 2010 +0100

    netfilter: xtables: compat out of scope fix
    
    As per C99 6.2.4(2) when temporary table data goes out of scope,
    the behaviour is undefined:
    
    	if (compat) {
    		struct foo tmp;
    		...
    		private = &tmp;
    	}
    	[dereference private]
    
    Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
    Cc: stable@kernel.org
    Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 0663276..90203e1 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -925,10 +925,10 @@ static int get_info(struct net *net, void __user *user, int *len, int compat)
 	if (t && !IS_ERR(t)) {
 		struct arpt_getinfo info;
 		const struct xt_table_info *private = t->private;
-
 #ifdef CONFIG_COMPAT
+		struct xt_table_info tmp;
+
 		if (compat) {
-			struct xt_table_info tmp;
 			ret = compat_table_info(private, &tmp);
 			xt_compat_flush_offsets(NFPROTO_ARP);
 			private = &tmp;
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 572330a..3ce53cf 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1132,10 +1132,10 @@ static int get_info(struct net *net, void __user *user, int *len, int compat)
 	if (t && !IS_ERR(t)) {
 		struct ipt_getinfo info;
 		const struct xt_table_info *private = t->private;
-
 #ifdef CONFIG_COMPAT
+		struct xt_table_info tmp;
+
 		if (compat) {
-			struct xt_table_info tmp;
 			ret = compat_table_info(private, &tmp);
 			xt_compat_flush_offsets(AF_INET);
 			private = &tmp;
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 480d7f8..8a7e0f5 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -1164,10 +1164,10 @@ static int get_info(struct net *net, void __user *user, int *len, int compat)
 	if (t && !IS_ERR(t)) {
 		struct ip6t_getinfo info;
 		const struct xt_table_info *private = t->private;
-
 #ifdef CONFIG_COMPAT
+		struct xt_table_info tmp;
+
 		if (compat) {
-			struct xt_table_info tmp;
 			ret = compat_table_info(private, &tmp);
 			xt_compat_flush_offsets(AF_INET6);
 			private = &tmp;

next prev parent reply	other threads:[~2010-02-08 17:10 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-02-08 17:10 netfilter 00/05: netfilter fixes Patrick McHardy
2010-02-08 17:10 ` netfilter 01/05: nf_conntrack: fix memory corruption with multiple namespaces Patrick McHardy
2010-02-08 17:10 ` netfilter 02/05: nf_conntrack: per netns nf_conntrack_cachep Patrick McHardy
2010-02-08 17:10 ` netfilter 03/05: nf_conntrack: restrict runtime expect hashsize modifications Patrick McHardy
2010-02-08 17:10 ` Patrick McHardy [this message]
2010-02-08 17:10 ` netfilter 05/05: nf_conntrack: fix hash resizing with namespaces Patrick McHardy
2010-02-08 19:15 ` netfilter 00/05: netfilter fixes David Miller
2010-02-09 17:33   ` Patrick McHardy
2010-02-09 18:19     ` Jan Engelhardt
2010-02-10 13:52       ` Patrick McHardy
2010-02-09 20:38     ` David Miller

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:0663276 dfblob:90203e1 dfblob:572330a dfblob:3ce53cf
dfblob:480d7f8 dfblob:8a7e0f5 )
 OR (
bs:"netfilter 04/05: xtables: compat out of scope fix" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100208171029.15522.33495.sendpatchset@x2.localnet \
    --to=kaber@trash.net \
    --cc=davem@davemloft.net \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).