Patchwork [iptables-nftables] nft: Calculate properly the target size when parsing it back

login
register
mail settings
Submitter Tomasz Bursztyka
Date Oct. 3, 2013, 1 p.m.
Message ID <1380805259-12404-1-git-send-email-tomasz.bursztyka@linux.intel.com>
Download mbox | patch
Permalink /patch/280299/
State Accepted
Headers show

Comments

Tomasz Bursztyka - Oct. 3, 2013, 1 p.m.
Without this, we might allocate less space for the xt_entry_target as we
should, thus leading to a possible bug.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
---
 iptables/nft-shared.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
Pablo Neira - Oct. 3, 2013, 4:06 p.m.
On Thu, Oct 03, 2013 at 04:00:59PM +0300, Tomasz Bursztyka wrote:
> Without this, we might allocate less space for the xt_entry_target as we
> should, thus leading to a possible bug.

Applied, thanks.

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index c9bde90..25cb177 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -292,18 +292,21 @@  void nft_parse_target(struct nft_rule_expr *e, struct nft_rule_expr_iter *iter,
 	struct xtables_target *target;
 	struct xt_entry_target *t;
 	struct nft_family_ops *ops;
+	size_t size;
 
 	target = xtables_find_target(targname, XTF_TRY_LOAD);
 	if (target == NULL)
 		return;
 
-	t = calloc(1, sizeof(struct xt_entry_target) + tg_len);
+	size = XT_ALIGN(sizeof(struct xt_entry_target)) + tg_len;
+
+	t = calloc(1, size);
 	if (t == NULL) {
 		fprintf(stderr, "OOM");
 		exit(EXIT_FAILURE);
 	}
 	memcpy(&t->data, targinfo, tg_len);
-	t->u.target_size = tg_len + XT_ALIGN(sizeof(struct xt_entry_target));
+	t->u.target_size = size;
 	t->u.user.revision = nft_rule_expr_get_u32(e, NFT_EXPR_TG_REV);
 	strcpy(t->u.user.name, target->name);