* [libnftnl PATCH 1/2] src: not create iterator with empty list @ 2015-01-09 12:47 Alvaro Neira Ayuso 2015-01-09 12:47 ` [libnftnl PATCH 2/2] ruleset: clean up the variable names in the xml/json parsing functions Alvaro Neira Ayuso 2015-01-10 18:20 ` [libnftnl PATCH 1/2] src: not create iterator with empty list Pablo Neira Ayuso 0 siblings, 2 replies; 6+ messages in thread From: Alvaro Neira Ayuso @ 2015-01-09 12:47 UTC (permalink / raw) To: netfilter-devel Now, we create iterator without test if the list is empty. If the list is empty, we have a crash when we set up the current element. With this patch, we test if the list is empty before to create the iterator. If the list is empty the iterator return NULL. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> --- src/chain.c | 3 +++ src/rule.c | 6 ++++++ src/set.c | 3 +++ src/set_elem.c | 3 +++ src/table.c | 3 +++ 5 files changed, 18 insertions(+) diff --git a/src/chain.c b/src/chain.c index b67385e..e7de4ef 100644 --- a/src/chain.c +++ b/src/chain.c @@ -968,6 +968,9 @@ struct nft_chain_list_iter *nft_chain_list_iter_create(struct nft_chain_list *l) { struct nft_chain_list_iter *iter; + if (nft_chain_list_is_empty(l)) + return NULL; + iter = calloc(1, sizeof(struct nft_chain_list_iter)); if (iter == NULL) return NULL; diff --git a/src/rule.c b/src/rule.c index c974f8b..f5a84f7 100644 --- a/src/rule.c +++ b/src/rule.c @@ -1038,6 +1038,9 @@ struct nft_rule_expr_iter *nft_rule_expr_iter_create(struct nft_rule *r) { struct nft_rule_expr_iter *iter; + if (list_empty(&r->expr_list)) + return NULL; + iter = calloc(1, sizeof(struct nft_rule_expr_iter)); if (iter == NULL) return NULL; @@ -1147,6 +1150,9 @@ struct nft_rule_list_iter *nft_rule_list_iter_create(struct nft_rule_list *l) { struct nft_rule_list_iter *iter; + if (nft_rule_list_is_empty(l)) + return NULL; + iter = calloc(1, sizeof(struct nft_rule_list_iter)); if (iter == NULL) return NULL; diff --git a/src/set.c b/src/set.c index 2385031..dee24a5 100644 --- a/src/set.c +++ b/src/set.c @@ -1015,6 +1015,9 @@ struct nft_set_list_iter *nft_set_list_iter_create(struct nft_set_list *l) { struct nft_set_list_iter *iter; + if (nft_set_list_is_empty(l)) + return NULL; + iter = calloc(1, sizeof(struct nft_set_list_iter)); if (iter == NULL) return NULL; diff --git a/src/set_elem.c b/src/set_elem.c index 95f12bf..85c4519 100644 --- a/src/set_elem.c +++ b/src/set_elem.c @@ -684,6 +684,9 @@ struct nft_set_elems_iter *nft_set_elems_iter_create(struct nft_set *s) { struct nft_set_elems_iter *iter; + if (list_empty(&s->element_list)) + return NULL; + iter = calloc(1, sizeof(struct nft_set_elems_iter)); if (iter == NULL) return NULL; diff --git a/src/table.c b/src/table.c index c93e6fb..544a8c3 100644 --- a/src/table.c +++ b/src/table.c @@ -539,6 +539,9 @@ struct nft_table_list_iter *nft_table_list_iter_create(struct nft_table_list *l) { struct nft_table_list_iter *iter; + if (nft_table_list_is_empty(l)) + return NULL; + iter = calloc(1, sizeof(struct nft_table_list_iter)); if (iter == NULL) return NULL; -- 1.7.10.4 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* [libnftnl PATCH 2/2] ruleset: clean up the variable names in the xml/json parsing functions 2015-01-09 12:47 [libnftnl PATCH 1/2] src: not create iterator with empty list Alvaro Neira Ayuso @ 2015-01-09 12:47 ` Alvaro Neira Ayuso 2015-01-10 18:23 ` Pablo Neira Ayuso 2015-01-10 18:20 ` [libnftnl PATCH 1/2] src: not create iterator with empty list Pablo Neira Ayuso 1 sibling, 1 reply; 6+ messages in thread From: Alvaro Neira Ayuso @ 2015-01-09 12:47 UTC (permalink / raw) To: netfilter-devel Rename variables to use more intuitive name like table, chain, rule or set. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> --- src/ruleset.c | 100 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 50 insertions(+), 50 deletions(-) diff --git a/src/ruleset.c b/src/ruleset.c index 6bb7582..a397824 100644 --- a/src/ruleset.c +++ b/src/ruleset.c @@ -137,7 +137,7 @@ static int nft_ruleset_json_parse_tables(struct nft_ruleset *rs, json_t *array, { int i, len; json_t *node; - struct nft_table *o; + struct nft_table *table; struct nft_table_list *list = nft_table_list_alloc(); if (list == NULL) { @@ -156,18 +156,18 @@ static int nft_ruleset_json_parse_tables(struct nft_ruleset *rs, json_t *array, if (!(nft_jansson_node_exist(node, "table"))) continue; - o = nft_table_alloc(); - if (o == NULL) { + table = nft_table_alloc(); + if (table == NULL) { errno = ENOMEM; goto err; } - if (nft_jansson_parse_table(o, node, err) < 0) { - nft_table_free(o); + if (nft_jansson_parse_table(table, node, err) < 0) { + nft_table_free(table); goto err; } - nft_table_list_add_tail(o, list); + nft_table_list_add_tail(table, list); } if (!nft_table_list_is_empty(list)) @@ -186,7 +186,7 @@ static int nft_ruleset_json_parse_chains(struct nft_ruleset *rs, json_t *array, { int i, len; json_t *node; - struct nft_chain *o; + struct nft_chain *chain; struct nft_chain_list *list = nft_chain_list_alloc(); if (list == NULL) { @@ -205,18 +205,18 @@ static int nft_ruleset_json_parse_chains(struct nft_ruleset *rs, json_t *array, if (!(nft_jansson_node_exist(node, "chain"))) continue; - o = nft_chain_alloc(); - if (o == NULL) { + chain = nft_chain_alloc(); + if (chain == NULL) { errno = ENOMEM; goto err; } - if (nft_jansson_parse_chain(o, node, err) < 0) { - nft_chain_free(o); + if (nft_jansson_parse_chain(chain, node, err) < 0) { + nft_chain_free(chain); goto err; } - nft_chain_list_add_tail(o, list); + nft_chain_list_add_tail(chain, list); } if (!nft_chain_list_is_empty(list)) @@ -236,7 +236,7 @@ static int nft_ruleset_json_parse_sets(struct nft_ruleset *rs, json_t *array, int i, len; uint32_t set_id = 0; json_t *node; - struct nft_set *s = NULL; + struct nft_set *set; struct nft_set_list *list = nft_set_list_alloc(); if (list == NULL) { @@ -255,19 +255,19 @@ static int nft_ruleset_json_parse_sets(struct nft_ruleset *rs, json_t *array, if (!(nft_jansson_node_exist(node, "set"))) continue; - s = nft_set_alloc(); - if (s == NULL) { + set = nft_set_alloc(); + if (set == NULL) { errno = ENOMEM; goto err; } - if (nft_jansson_parse_set(s, node, err) < 0) { - nft_set_free(s); + if (nft_jansson_parse_set(set, node, err) < 0) { + nft_set_free(set); goto err; } - nft_set_attr_set_u32(s, NFT_SET_ATTR_ID, set_id++); - nft_set_list_add_tail(s, list); + nft_set_attr_set_u32(set, NFT_SET_ATTR_ID, set_id++); + nft_set_list_add_tail(set, list); } if (!nft_set_list_is_empty(list)) @@ -286,7 +286,7 @@ static int nft_ruleset_json_parse_rules(struct nft_ruleset *rs, json_t *array, { int i, len; json_t *node; - struct nft_rule *o = NULL; + struct nft_rule *rule = NULL; struct nft_rule_list *list = nft_rule_list_alloc(); if (list == NULL) { @@ -305,18 +305,18 @@ static int nft_ruleset_json_parse_rules(struct nft_ruleset *rs, json_t *array, if (!(nft_jansson_node_exist(node, "rule"))) continue; - o = nft_rule_alloc(); - if (o == NULL) { + rule = nft_rule_alloc(); + if (rule == NULL) { errno = ENOMEM; goto err; } - if (nft_jansson_parse_rule(o, node, err, rs->set_list) < 0) { - nft_rule_free(o); + if (nft_jansson_parse_rule(rule, node, err, rs->set_list) < 0) { + nft_rule_free(rule); goto err; } - nft_rule_list_add_tail(o, list); + nft_rule_list_add_tail(rule, list); } if (!nft_rule_list_is_empty(list)) @@ -378,7 +378,7 @@ nft_ruleset_xml_parse_tables(struct nft_ruleset *rs, mxml_node_t *tree, struct nft_parse_err *err) { mxml_node_t *node; - struct nft_table *t; + struct nft_table *table; struct nft_table_list *table_list = nft_table_list_alloc(); if (table_list == NULL) { errno = ENOMEM; @@ -390,16 +390,16 @@ nft_ruleset_xml_parse_tables(struct nft_ruleset *rs, mxml_node_t *tree, node != NULL; node = mxmlFindElement(node, tree, "table", NULL, NULL, MXML_NO_DESCEND)) { - t = nft_table_alloc(); - if (t == NULL) + table = nft_table_alloc(); + if (table == NULL) goto err_free; - if (nft_mxml_table_parse(node, t, err) != 0) { - nft_table_free(t); + if (nft_mxml_table_parse(node, table, err) != 0) { + nft_table_free(table); goto err_free; } - nft_table_list_add_tail(t, table_list); + nft_table_list_add_tail(table, table_list); } if (!nft_table_list_is_empty(table_list)) @@ -419,7 +419,7 @@ nft_ruleset_xml_parse_chains(struct nft_ruleset *rs, mxml_node_t *tree, struct nft_parse_err *err) { mxml_node_t *node; - struct nft_chain *c; + struct nft_chain *chain; struct nft_chain_list *chain_list = nft_chain_list_alloc(); if (chain_list == NULL) { errno = ENOMEM; @@ -431,16 +431,16 @@ nft_ruleset_xml_parse_chains(struct nft_ruleset *rs, mxml_node_t *tree, node != NULL; node = mxmlFindElement(node, tree, "chain", NULL, NULL, MXML_NO_DESCEND)) { - c = nft_chain_alloc(); - if (c == NULL) + chain = nft_chain_alloc(); + if (chain == NULL) goto err_free; - if (nft_mxml_chain_parse(node, c, err) != 0) { - nft_chain_free(c); + if (nft_mxml_chain_parse(node, chain, err) != 0) { + nft_chain_free(chain); goto err_free; } - nft_chain_list_add_tail(c, chain_list); + nft_chain_list_add_tail(chain, chain_list); } if (!nft_chain_list_is_empty(chain_list)) @@ -461,7 +461,7 @@ nft_ruleset_xml_parse_sets(struct nft_ruleset *rs, mxml_node_t *tree, { uint32_t set_id = 0; mxml_node_t *node; - struct nft_set *s; + struct nft_set *set; struct nft_set_list *set_list = nft_set_list_alloc(); if (set_list == NULL) { errno = ENOMEM; @@ -473,17 +473,17 @@ nft_ruleset_xml_parse_sets(struct nft_ruleset *rs, mxml_node_t *tree, node != NULL; node = mxmlFindElement(node, tree, "set", NULL, NULL, MXML_NO_DESCEND)) { - s = nft_set_alloc(); - if (s == NULL) + set = nft_set_alloc(); + if (set == NULL) goto err_free; - if (nft_mxml_set_parse(node, s, err) != 0) { - nft_set_free(s); + if (nft_mxml_set_parse(node, set, err) != 0) { + nft_set_free(set); goto err_free; } - nft_set_attr_set_u32(s, NFT_SET_ATTR_ID, set_id++); - nft_set_list_add_tail(s, set_list); + nft_set_attr_set_u32(set, NFT_SET_ATTR_ID, set_id++); + nft_set_list_add_tail(set, set_list); } if (!nft_set_list_is_empty(set_list)) @@ -503,7 +503,7 @@ nft_ruleset_xml_parse_rules(struct nft_ruleset *rs, mxml_node_t *tree, struct nft_set_list *set_list) { mxml_node_t *node; - struct nft_rule *r; + struct nft_rule *rule; struct nft_rule_list *rule_list = nft_rule_list_alloc(); if (rule_list == NULL) { errno = ENOMEM; @@ -515,16 +515,16 @@ nft_ruleset_xml_parse_rules(struct nft_ruleset *rs, mxml_node_t *tree, node != NULL; node = mxmlFindElement(node, tree, "rule", NULL, NULL, MXML_NO_DESCEND)) { - r = nft_rule_alloc(); - if (r == NULL) + rule = nft_rule_alloc(); + if (rule == NULL) goto err_free; - if (nft_mxml_rule_parse(node, r, err, set_list) != 0) { - nft_rule_free(r); + if (nft_mxml_rule_parse(node, rule, err, set_list) != 0) { + nft_rule_free(rule); goto err_free; } - nft_rule_list_add_tail(r, rule_list); + nft_rule_list_add_tail(rule, rule_list); } if (!nft_rule_list_is_empty(rule_list)) -- 1.7.10.4 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [libnftnl PATCH 2/2] ruleset: clean up the variable names in the xml/json parsing functions 2015-01-09 12:47 ` [libnftnl PATCH 2/2] ruleset: clean up the variable names in the xml/json parsing functions Alvaro Neira Ayuso @ 2015-01-10 18:23 ` Pablo Neira Ayuso 0 siblings, 0 replies; 6+ messages in thread From: Pablo Neira Ayuso @ 2015-01-10 18:23 UTC (permalink / raw) To: Alvaro Neira Ayuso; +Cc: netfilter-devel On Fri, Jan 09, 2015 at 01:47:41PM +0100, Alvaro Neira Ayuso wrote: > Rename variables to use more intuitive name like table, chain, rule or set. Applied, thanks. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [libnftnl PATCH 1/2] src: not create iterator with empty list 2015-01-09 12:47 [libnftnl PATCH 1/2] src: not create iterator with empty list Alvaro Neira Ayuso 2015-01-09 12:47 ` [libnftnl PATCH 2/2] ruleset: clean up the variable names in the xml/json parsing functions Alvaro Neira Ayuso @ 2015-01-10 18:20 ` Pablo Neira Ayuso 2015-01-10 18:26 ` Álvaro Neira Ayuso 1 sibling, 1 reply; 6+ messages in thread From: Pablo Neira Ayuso @ 2015-01-10 18:20 UTC (permalink / raw) To: Alvaro Neira Ayuso; +Cc: netfilter-devel On Fri, Jan 09, 2015 at 01:47:40PM +0100, Alvaro Neira Ayuso wrote: > Now, we create iterator without test if the list is empty. If the list > is empty, we have a crash when we set up the current element. > With this patch, we test if the list is empty before to create the iterator. If > the list is empty the iterator return NULL. Please, handle this from the _next() function. The idea is to set iter->cur to NULL if the list is empty from iter_create, ie. if (iter->r->expr_list.next == &iter->r.expr_list) iter->cur = NULL; else iter->cur = list_entry(...); Then, from _next() you check for: if (expr == NULL) return NULL; > Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> > --- > src/chain.c | 3 +++ > src/rule.c | 6 ++++++ > src/set.c | 3 +++ > src/set_elem.c | 3 +++ > src/table.c | 3 +++ I can count up to six iterator interfaces, I only see 5 here, please make sure you adapt all spots. Thanks. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [libnftnl PATCH 1/2] src: not create iterator with empty list 2015-01-10 18:20 ` [libnftnl PATCH 1/2] src: not create iterator with empty list Pablo Neira Ayuso @ 2015-01-10 18:26 ` Álvaro Neira Ayuso 2015-01-10 18:51 ` Pablo Neira Ayuso 0 siblings, 1 reply; 6+ messages in thread From: Álvaro Neira Ayuso @ 2015-01-10 18:26 UTC (permalink / raw) To: Pablo Neira Ayuso; +Cc: netfilter-devel El 10/01/15 a las 19:20, Pablo Neira Ayuso escribió: > On Fri, Jan 09, 2015 at 01:47:40PM +0100, Alvaro Neira Ayuso wrote: >> Now, we create iterator without test if the list is empty. If the list >> is empty, we have a crash when we set up the current element. >> With this patch, we test if the list is empty before to create the iterator. If >> the list is empty the iterator return NULL. > > Please, handle this from the _next() function. > > The idea is to set iter->cur to NULL if the list is empty from > iter_create, ie. > > if (iter->r->expr_list.next == &iter->r.expr_list) > iter->cur = NULL; > else > iter->cur = list_entry(...); > > Then, from _next() you check for: > > if (expr == NULL) > return NULL; Ok, nice idea. > >> Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> >> --- >> src/chain.c | 3 +++ >> src/rule.c | 6 ++++++ >> src/set.c | 3 +++ >> src/set_elem.c | 3 +++ >> src/table.c | 3 +++ > > I can count up to six iterator interfaces, I only see 5 here, please > make sure you adapt all spots. Thanks. > mmm yes and I have changed the code in the six iterator interfaces. I have changed: - nft_chain_list_iter_create - nft_rule_expr_iter_create - nft_rule_list_iter_create - nft_set_list_iter_create - nft_set_elems_iter_create - nft_table_list_iter_create Have I forgot any? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [libnftnl PATCH 1/2] src: not create iterator with empty list 2015-01-10 18:26 ` Álvaro Neira Ayuso @ 2015-01-10 18:51 ` Pablo Neira Ayuso 0 siblings, 0 replies; 6+ messages in thread From: Pablo Neira Ayuso @ 2015-01-10 18:51 UTC (permalink / raw) To: Álvaro Neira Ayuso; +Cc: netfilter-devel On Sat, Jan 10, 2015 at 07:26:38PM +0100, Álvaro Neira Ayuso wrote: > El 10/01/15 a las 19:20, Pablo Neira Ayuso escribió: > >On Fri, Jan 09, 2015 at 01:47:40PM +0100, Alvaro Neira Ayuso wrote: > >>Now, we create iterator without test if the list is empty. If the list > >>is empty, we have a crash when we set up the current element. > >>With this patch, we test if the list is empty before to create the iterator. If > >>the list is empty the iterator return NULL. > > > >Please, handle this from the _next() function. > > > >The idea is to set iter->cur to NULL if the list is empty from > >iter_create, ie. > > > > if (iter->r->expr_list.next == &iter->r.expr_list) > > iter->cur = NULL; > > else > > iter->cur = list_entry(...); > > > >Then, from _next() you check for: > > > > if (expr == NULL) > > return NULL; > > Ok, nice idea. > > > > >>Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> > >>--- > >> src/chain.c | 3 +++ > >> src/rule.c | 6 ++++++ > >> src/set.c | 3 +++ > >> src/set_elem.c | 3 +++ > >> src/table.c | 3 +++ > > > >I can count up to six iterator interfaces, I only see 5 here, please > >make sure you adapt all spots. Thanks. > > > > mmm yes and I have changed the code in the six iterator interfaces. > I have changed: Oh your right, sorry for the noise. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2015-01-10 18:48 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2015-01-09 12:47 [libnftnl PATCH 1/2] src: not create iterator with empty list Alvaro Neira Ayuso 2015-01-09 12:47 ` [libnftnl PATCH 2/2] ruleset: clean up the variable names in the xml/json parsing functions Alvaro Neira Ayuso 2015-01-10 18:23 ` Pablo Neira Ayuso 2015-01-10 18:20 ` [libnftnl PATCH 1/2] src: not create iterator with empty list Pablo Neira Ayuso 2015-01-10 18:26 ` Álvaro Neira Ayuso 2015-01-10 18:51 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).