Patchwork [3/6] netfilter: limit the length of the helper name

login
register
mail settings
Submitter holger@eitzenberger.org
Date March 16, 2009, 10:07 p.m.
Message ID <20090316221138.326410717@jonathan.eitzenberger.org>
Download mbox | patch
Permalink /patch/24533/
State Not Applicable
Delegated to: David Miller
Headers show

Comments

holger@eitzenberger.org - March 16, 2009, 10:07 p.m.
This is necessary in order to have an upper bound for Netlink
message calculation, which is not a problem at all, as there
are no helpers with a longer name.

Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
Patrick McHardy - March 25, 2009, 5:32 p.m.
Holger Eitzenberger wrote:
> This is necessary in order to have an upper bound for Netlink
> message calculation, which is not a problem at all, as there
> are no helpers with a longer name.
> 
> Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
> 
> Index: net-next-2.6/include/net/netfilter/nf_conntrack_helper.h
> ===================================================================
> --- net-next-2.6.orig/include/net/netfilter/nf_conntrack_helper.h
> +++ net-next-2.6/include/net/netfilter/nf_conntrack_helper.h
> @@ -14,6 +14,8 @@
>  
>  struct module;
>  
> +#define NF_CT_HELPER_NAME_LEN	16
> +
>  struct nf_conntrack_helper
>  {
>  	struct hlist_node hnode;	/* Internal use. */
> Index: net-next-2.6/net/netfilter/nf_conntrack_helper.c
> ===================================================================
> --- net-next-2.6.orig/net/netfilter/nf_conntrack_helper.c
> +++ net-next-2.6/net/netfilter/nf_conntrack_helper.c
> @@ -142,6 +142,7 @@ int nf_conntrack_helper_register(struct 
>  
>  	BUG_ON(me->expect_policy == NULL);
>  	BUG_ON(me->expect_class_max >= NF_CT_MAX_EXPECT_CLASSES);
> +	BUG_ON(strlen(me->name) >= NF_CT_HELPER_NAME_LEN - 1);

This appears to be an off-by-one. A strlen of exactly
NF_CT_HELPER_NAME_LEN - 1 would be fine, right?

No need to resend, just let me know whether I should change it.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
holger@eitzenberger.org - March 25, 2009, 5:41 p.m.
On Wed, Mar 25, 2009 at 06:32:26PM +0100, Patrick McHardy wrote:

> This appears to be an off-by-one. A strlen of exactly
> NF_CT_HELPER_NAME_LEN - 1 would be fine, right?
> 
> No need to resend, just let me know whether I should change it.

Yes please, feel free to change it :).

 /holger


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Patrick McHardy - March 25, 2009, 5:44 p.m.
Holger Eitzenberger wrote:
> On Wed, Mar 25, 2009 at 06:32:26PM +0100, Patrick McHardy wrote:
> 
>> This appears to be an off-by-one. A strlen of exactly
>> NF_CT_HELPER_NAME_LEN - 1 would be fine, right?
>>
>> No need to resend, just let me know whether I should change it.
> 
> Yes please, feel free to change it :).

Done and applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

Index: net-next-2.6/include/net/netfilter/nf_conntrack_helper.h
===================================================================
--- net-next-2.6.orig/include/net/netfilter/nf_conntrack_helper.h
+++ net-next-2.6/include/net/netfilter/nf_conntrack_helper.h
@@ -14,6 +14,8 @@ 
 
 struct module;
 
+#define NF_CT_HELPER_NAME_LEN	16
+
 struct nf_conntrack_helper
 {
 	struct hlist_node hnode;	/* Internal use. */
Index: net-next-2.6/net/netfilter/nf_conntrack_helper.c
===================================================================
--- net-next-2.6.orig/net/netfilter/nf_conntrack_helper.c
+++ net-next-2.6/net/netfilter/nf_conntrack_helper.c
@@ -142,6 +142,7 @@  int nf_conntrack_helper_register(struct 
 
 	BUG_ON(me->expect_policy == NULL);
 	BUG_ON(me->expect_class_max >= NF_CT_MAX_EXPECT_CLASSES);
+	BUG_ON(strlen(me->name) >= NF_CT_HELPER_NAME_LEN - 1);
 
 	mutex_lock(&nf_ct_helper_mutex);
 	hlist_add_head_rcu(&me->hnode, &nf_ct_helper_hash[h]);