
[nf] netfilter: nf_ct_helper: bail out on duplicated ports

Message ID 1464167637-7996-1-git-send-email-pablo@netfilter.org
State Changes Requested
Delegated to: Pablo Neira

Commit Message

Pablo Neira Ayuso May 25, 2016, 9:13 a.m. UTC
Compare the helper name up to the dash, so we can catch if the user has
supplied duplicated ports via module parameters.

Reported-by: Feng Gao <gfree.wind@gmail.com>
Reported-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nf_conntrack_helper.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

Comments

Pablo Neira Ayuso May 30, 2016, 10:25 a.m. UTC | #1
On Wed, May 25, 2016 at 11:13:57AM +0200, Pablo Neira Ayuso wrote:
> Compare the helper name up to the dash, so we can catch if the user has
> supplied duplicated ports via module parameters.
> 
> Reported-by: Feng Gao <gfree.wind@gmail.com>
> Reported-by: Taehee Yoo <ap420073@gmail.com>
> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> ---
>  net/netfilter/nf_conntrack_helper.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
> index 3b40ec5..94f36f2 100644
> --- a/net/netfilter/nf_conntrack_helper.c
> +++ b/net/netfilter/nf_conntrack_helper.c
> @@ -361,9 +361,10 @@ EXPORT_SYMBOL_GPL(nf_ct_helper_log);
>  
>  int nf_conntrack_helper_register(struct nf_conntrack_helper *me)
>  {
> -	int ret = 0;
>  	struct nf_conntrack_helper *cur;
>  	unsigned int h = helper_hash(&me->tuple);
> +	const char *slash;
> +	int len, ret = 0;
>  
>  	BUG_ON(me->expect_policy == NULL);
>  	BUG_ON(me->expect_class_max >= NF_CT_MAX_EXPECT_CLASSES);
> @@ -371,7 +372,13 @@ int nf_conntrack_helper_register(struct nf_conntrack_helper *me)
>  
>  	mutex_lock(&nf_ct_helper_mutex);
>  	hlist_for_each_entry(cur, &nf_ct_helper_hash[h], hnode) {
> -		if (strncmp(cur->name, me->name, NF_CT_HELPER_NAME_LEN) == 0 &&
> +		slash = strchr(cur->name, '-');

I'm discarding this: we have a valid helper using a dash in the name.

net/netfilter/nf_conntrack_netbios_ns.c:        .name = "netbios-ns",

Will send a new version of this patch.
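The following is an added userspace model of the name check from the patch, written for this page; it is not code from the thread or from the kernel. It reimplements the truncate-at-dash comparison of the hunk over a constructed table of already registered helpers and shows the false positive the reply points at (a name that shares the prefix of "netbios-ns"), plus the reverse case where the candidate name is a prefix of a registered dashed name. The struct fields, the numeric constants and the tuple-based alternative check are assumptions for illustration; the real registration walks a single hash bucket keyed by the tuple, whereas this walks the whole table, which can only make the check stricter.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Constructed userspace model of the check in the patch; not kernel code. */
#define HELPER_NAME_LEN 16      /* stands in for NF_CT_HELPER_NAME_LEN */
#define L3_IPV4   2             /* AF_INET, assumed value for illustration */
#define PROTO_TCP 6
#define PROTO_UDP 17

/* Only the fields the hunk compares, plus the port (assumed layout). */
struct helper {
    char name[HELPER_NAME_LEN];
    unsigned short l3num;
    unsigned char protonum;
    unsigned short port;     /* tuple port the helper is bound to */
};

/* Constructed sample of helpers that are already registered. */
static const struct helper registered[] = {
    { "ftp-2121",   L3_IPV4, PROTO_TCP, 2121 },
    { "netbios-ns", L3_IPV4, PROTO_UDP, 137 },
};
#define NREGISTERED (sizeof registered / sizeof registered[0])

/* Name test exactly as the hunk writes it: cut cur->name at its first '-'
 * and compare only that many bytes of the two names. */
static int patched_name_match(const struct helper *cur, const struct helper *me)
{
    const char *dash = strchr(cur->name, '-');
    size_t len = dash ? (size_t)(dash - cur->name) : HELPER_NAME_LEN;
    return strncmp(cur->name, me->name, len) == 0;
}

/* 1 if registering `me` would return -EEXIST with the patch applied. */
int patched_rejects(const struct helper *me)
{
    for (size_t i = 0; i < NREGISTERED; i++) {
        const struct helper *cur = &registered[i];
        if (patched_name_match(cur, me) &&
            cur->l3num == me->l3num &&
            cur->protonum == me->protonum)
            return 1;
    }
    return 0;
}

/* Alternative (an assumption, not from the thread): treat as duplicate a
 * helper bound to the same tuple (l3num, protonum, port), whatever its name. */
int tuple_rejects(const struct helper *me)
{
    for (size_t i = 0; i < NREGISTERED; i++) {
        const struct helper *cur = &registered[i];
        if (cur->l3num == me->l3num &&
            cur->protonum == me->protonum &&
            cur->port == me->port)
            return 1;
    }
    return 0;
}

/* Constructed candidates for registration. */
const struct helper cand_dup_port = { "ftp-2121", L3_IPV4, PROTO_TCP, 2121 }; /* same port twice */
const struct helper cand_ftp_21   = { "ftp",      L3_IPV4, PROTO_TCP, 21 };   /* distinct port, prefix of "ftp-2121" */
const struct helper cand_netbios  = { "netbios",  L3_IPV4, PROTO_UDP, 138 };  /* hypothetical name, prefix of "netbios-ns" */

int main(void)
{
    const struct helper *cands[] = { &cand_dup_port, &cand_ftp_21, &cand_netbios };

    for (size_t i = 0; i < sizeof cands / sizeof cands[0]; i++)
        printf("%-10s port %5u: patched check %s, tuple check %s\n",
               cands[i]->name, cands[i]->port,
               patched_rejects(cands[i]) ? "-EEXIST" : "ok",
               tuple_rejects(cands[i]) ? "-EEXIST" : "ok");
    return 0;
}
```

Only the genuinely duplicated port is refused by both checks; the prefix comparison additionally refuses "ftp" on port 21 and the hypothetical "netbios" helper, because strncmp() with a length cut at the dash never sees the bytes that distinguish the names.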

Patch

diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
index 3b40ec5..94f36f2 100644
--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -361,9 +361,10 @@  EXPORT_SYMBOL_GPL(nf_ct_helper_log);
 
 int nf_conntrack_helper_register(struct nf_conntrack_helper *me)
 {
-	int ret = 0;
 	struct nf_conntrack_helper *cur;
 	unsigned int h = helper_hash(&me->tuple);
+	const char *slash;
+	int len, ret = 0;
 
 	BUG_ON(me->expect_policy == NULL);
 	BUG_ON(me->expect_class_max >= NF_CT_MAX_EXPECT_CLASSES);
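Review bot: `slash` is misnamed, since it receives the result of strchr(cur->name, '-') in the next hunk; call it `dash`. `len` is declared int but is assigned either a pointer difference or NF_CT_HELPER_NAME_LEN and is then passed as the size_t count of strncmp(); declare it size_t so no sign conversion is needed.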
@@ -371,7 +372,13 @@  int nf_conntrack_helper_register(struct nf_conntrack_helper *me)
 
 	mutex_lock(&nf_ct_helper_mutex);
 	hlist_for_each_entry(cur, &nf_ct_helper_hash[h], hnode) {
-		if (strncmp(cur->name, me->name, NF_CT_HELPER_NAME_LEN) == 0 &&
+		slash = strchr(cur->name, '-');
+		if (slash)
+			len = slash - cur->name;
+		else
+			len = NF_CT_HELPER_NAME_LEN;
+
+		if (strncmp(cur->name, me->name, len) == 0 &&
 		    cur->tuple.src.l3num == me->tuple.src.l3num &&
 		    cur->tuple.dst.protonum == me->tuple.dst.protonum) {
 			ret = -EEXIST;
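Review bot: truncating only cur->name at its first '-' turns the test into a one-sided prefix match, so any candidate whose name is a prefix of an already registered dashed name and that shares l3num and protonum is refused with -EEXIST: with "netbios-ns" registered, a helper named "netbios" on the same protocol collides, and for a registered "ftp-2121" a candidate named "ftp" also yields strncmp(cur->name, me->name, len) == 0. If the goal is to catch a port supplied twice via module parameters, compare the whole name (or the tuple including its port) rather than a name prefix, and if a truncation is kept, apply it to both names. A cur->name starting with '-' also gives len == 0, for which strncmp() matches every candidate.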