From mboxrd@z Thu Jan 1 00:00:00 1970 From: =?ISO-8859-1?Q?=C1lvaro_Neira_Ayuso?= Subject: Re: [nft PATCH 1/4 v2] evaluate: fix a crash if we specify ether type or meta nfproto in reject Date: Fri, 17 Oct 2014 15:02:07 +0200 Message-ID: <5441134F.6020104@gmail.com> References: <1413548677-10287-1-git-send-email-alvaroneay@gmail.com> <20141017125538.GC3644@salvia> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: QUOTED-PRINTABLE Cc: netfilter-devel@vger.kernel.org, kaber@trash.net To: Pablo Neira Ayuso Return-path: Received: from mail-wi0-f179.google.com ([209.85.212.179]:54941 "EHLO mail-wi0-f179.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751251AbaJQNBw (ORCPT ); Fri, 17 Oct 2014 09:01:52 -0400 Received: by mail-wi0-f179.google.com with SMTP id d1so1199398wiv.0 for ; Fri, 17 Oct 2014 06:01:51 -0700 (PDT) In-Reply-To: <20141017125538.GC3644@salvia> Sender: netfilter-devel-owner@vger.kernel.org List-ID: El 17/10/14 14:55, Pablo Neira Ayuso escribi=F3: > On Fri, Oct 17, 2014 at 02:24:34PM +0200, Alvaro Neira Ayuso wrote: >> If we use a rule: >> nft add rule bridge filter input \ >> ether type ip reject with icmp type host-unreachable >> >> or this: >> >> nft add rule inet filter input \ >> meta nfproto ipv4 reject with icmp type host-unreachable >> >> we have a segfault because we add a network dependency when we alrea= dy have >> network context. >> >> Signed-off-by: Alvaro Neira Ayuso >> --- >> [changes in v2] >> * Fixed a incorrect refactor when we check the family in bridge >> >> src/evaluate.c | 57 ++++++++++++++++++++++++++++++++++++++++++++= +++++++++++- >> 1 file changed, 56 insertions(+), 1 deletion(-) >> >> diff --git a/src/evaluate.c b/src/evaluate.c >> index 83ef749..4b7bda9 100644 >> --- a/src/evaluate.c >> +++ b/src/evaluate.c >> @@ -19,6 +19,7 @@ >> #include >> #include >> #include >> +#include >> >> #include >> #include >> @@ -1193,6 +1194,8 @@ static int stmt_reject_gen_dependency(struct e= val_ctx *ctx, struct stmt *stmt, >> BUG("cannot generate reject dependency for type %d", >> stmt->reject.type); >> } >> + if (payload =3D=3D NULL) >> + return 0; > > Why this check? If we already have context, the previously functions return a NULL=20 payload. Therefore, if we try to create a dependency with this NULL=20 payload, we have a crash. > >> if (payload_gen_dependency(ctx, payload, &nstmt) < 0) >> return -1; -- To unsubscribe from this list: send the line "unsubscribe netfilter-dev= el" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html