netfilter-devel.vger.kernel.org archive mirror
* [PATCH ulogd2] ulogd: ignore private data on plugin stop
@ 2025-03-08 21:37 Corubba Smith
From: Corubba Smith @ 2025-03-08 21:37 UTC
  To: netfilter-devel

When deciding whether to call the stop hook of a plugin instance, only
two things are relevant: If the plugin actually has a stop hook defined,
and if the plugin instance is still used in a different stack. The
private data of a plugin instance is opaque to ulogd, so its size or
content are irrelevant to the stop-hook decision. And in the same vein,
ulogd should never write to it.

The one-null-byte write could previously lead to an out-of-bounds write
on plugins with a stop hook and zero-size private data.

Signed-off-by: Corubba Smith <corubba@gmx.de>
---
 src/ulogd.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/ulogd.c b/src/ulogd.c
index 6c5ff9a..9a0060d 100644
--- a/src/ulogd.c
+++ b/src/ulogd.c
@@ -1327,12 +1327,10 @@ static void stop_pluginstances()

 	llist_for_each_entry(stack, &ulogd_pi_stacks, stack_list) {
 		llist_for_each_entry_safe(pi, npi, &stack->list, list) {
-			if ((pi->plugin->priv_size > 0 || *pi->plugin->stop) &&
-			    pluginstance_stop(pi)) {
+			if (*pi->plugin->stop && pluginstance_stop(pi)) {
 				ulogd_log(ULOGD_DEBUG, "calling stop for %s\n",
 					  pi->plugin->name);
 				(*pi->plugin->stop)(pi);
-				pi->private[0] = 0;
 			}

 			/* NB: plugin->stop() might access other plugin instances,
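
Review bot: The old condition on the removed lines, `pi->plugin->priv_size > 0 || *pi->plugin->stop`, let an instance with private data but no stop hook reach `(*pi->plugin->stop)(pi)`, which is a call through a NULL function pointer whenever pluginstance_stop(pi) returned nonzero. The new condition closes that path too, but the commit message only describes the out-of-bounds write from `pi->private[0] = 0`; a sentence about the NULL call would help anyone triaging this for stable branches. Because of the `&&` short-circuit, pluginstance_stop(pi) is now never evaluated for instances without a stop hook, so if that function does any bookkeeping, either say in the message that skipping it is intended or call it unconditionally. Minor style point: `pi->plugin->stop` without the leading `*` tests the same pointer and reads less like a dereference.
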
--
2.48.1
