diff mbox

[BUG] libnftables: NULL pointer dereference in nft_expr_ops_lookup

Message ID 20131025150436.GA7536@localhost
State Accepted
Delegated to: Jozsef Kadlecsik
Headers show

Commit Message

Pablo Neira Ayuso Oct. 25, 2013, 3:04 p.m. UTC 
Hi Jiri,

On Fri, Oct 25, 2013 at 03:27:35PM +0200, Jiri Benc wrote:
> Hi,
> 
> using both the latest (git) libnftables and nftables, I got:
> 
> [root@localhost ~]# nft add rule ip filter input tcp dport 81 reject
> Segmentation fault (core dumped)
> 
> (gdb) bt
> #0  0x00007fb7890c1364 in __strcmp_sse2 () from /lib64/libc.so.6
> #1  0x00007fb78960bfa4 in nft_expr_ops_lookup (name=name@entry=0x0) at expr_ops.c:18
> #2  0x00007fb78960bc56 in nft_rule_expr_alloc (name=name@entry=0x0) at expr.c:34
> #3  0x000000000040db29 in alloc_nft_expr (name=name@entry=0x0) at src/netlink.c:118
> #4  0x0000000000410117 in netlink_gen_reject_stmt (ctx=<optimized out>, stmt=<optimized out>)
>     at src/netlink_linearize.c:564
> #5  netlink_gen_stmt (stmt=0xb106f0, ctx=0x7fff734c4690) at src/netlink_linearize.c:651
> #6  netlink_linearize_rule (ctx=ctx@entry=0x7fff734c4730, nlr=nlr@entry=0xb10520, rule=rule@entry=0xb10760)
>     at src/netlink_linearize.c:670
> #7  0x000000000040e25b in netlink_add_rule_batch (ctx=0x7fff734c4730, h=<optimized out>, rule=0xb10760, flags=2048)
>     at src/netlink.c:320
> #8  0x00000000004056ec in nft_netlink (msgs=0x7fff734c48b0, state=0x7fff734c48c0) at src/main.c:167
> #9  nft_run (scanner=scanner@entry=0xb102c0, state=state@entry=0x7fff734c48c0, msgs=msgs@entry=0x7fff734c48b0)
>     at src/main.c:214
> #10 0x00000000004052e5 in main (argc=10, argv=<optimized out>) at src/main.c:321
> 
> 
> Looking into the code, netlink_gen_reject_stmt calls
> alloc_nft_expr(NULL), the NULL propagates to strcmp in
> nft_expr_ops_lookup.

reject support was never finished. Please, find enclosed patches for
libnftables and nft.

ICMP code support is still missing, perhaps you want to investigate
how to add it to nft. It should be a small follow up patch.

Comments

Jiri Benc Oct. 25, 2013, 3:46 p.m. UTC | #1 
On Fri, 25 Oct 2013 17:04:36 +0200, Pablo Neira Ayuso wrote:
> reject support was never finished. Please, find enclosed patches for
> libnftables and nft.

That was fast, thanks! Seems to work.

Tested-by: Jiri Benc <jbenc@redhat.com>

> ICMP code support is still missing, perhaps you want to investigate
> how to add it to nft. It should be a small follow up patch.

Yes, that would be useful. I may look into that but no promises as of
when. Feel free to beat me.

 Jiri
Pablo Neira Ayuso Oct. 27, 2013, 8:21 p.m. UTC | #2 
On Fri, Oct 25, 2013 at 05:46:51PM +0200, Jiri Benc wrote:
> On Fri, 25 Oct 2013 17:04:36 +0200, Pablo Neira Ayuso wrote:
> > reject support was never finished. Please, find enclosed patches for
> > libnftables and nft.
> 
> That was fast, thanks! Seems to work.
> 
> Tested-by: Jiri Benc <jbenc@redhat.com>

Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

From 41fbf2fd89a166bb3bb8d7d11bf790aa6011fcd1 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 25 Oct 2013 17:01:58 +0200
Subject: [PATCH nft] netlink_linearize: finish reject support

This patch finishes the reject support.

Reported-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/netlink_linearize.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index c1d1a9a..96ffe68 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -692,7 +692,9 @@  static void netlink_gen_reject_stmt(struct netlink_linearize_ctx *ctx,
 {
 	struct nft_rule_expr *nle;
 
-	nle = alloc_nft_expr(NULL);
+	nle = alloc_nft_expr("reject");
+	nft_rule_expr_set_u32(nle, NFT_EXPR_REJECT_TYPE, stmt->reject.type);
+	nft_rule_expr_set_u8(nle, NFT_EXPR_REJECT_CODE, 0);
 	nft_rule_add_expr(ctx->nlr, nle);
 }
 
-- 
1.7.10.4