From patchwork Mon Apr 16 01:21:04 2018
X-Patchwork-Submitter: Jack Ma
X-Patchwork-Id: 898402
X-Patchwork-Delegate: pablo@netfilter.org
From: Jack Ma
To: netfilter-devel@vger.kernel.org
Cc: fw@strlen.de, pablo@netfilter.org, Jack Ma
Subject: [PATCH v2] xt_connmark: Fix invalid tginfo* casting.
Date: Mon, 16 Apr 2018 13:21:04 +1200
Message-Id: <20180416012104.11855-1-jack.ma@alliedtelesis.co.nz>
In-Reply-To: <20180415231331.14867-1-jack.ma@alliedtelesis.co.nz>
References: <20180415231331.14867-1-jack.ma@alliedtelesis.co.nz>

This bug was found during testing pre-existing iptables options with
newly added v2 APIs. Casting from (const struct xt_connmark_tginfo2 *)
to (const struct xt_connmark_tginfo1 *) results in the significance
being lost. Subsequently, the 'info->mode' is reset to zero when
multiple options are parsed in.

Signed-off-by: Jack Ma
---
 net/netfilter/xt_connmark.c | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c
index 710bc2bfe020..4350a6877077 100644
--- a/net/netfilter/xt_connmark.c
+++ b/net/netfilter/xt_connmark.c
@@ -37,21 +37,22 @@ MODULE_ALIAS("ip6t_connmark"); static unsigned int connmark_tg_shift(struct sk_buff *skb, - const struct xt_connmark_tginfo1 *info, + u8 mode, u32 ctmark, + u32 ctmask, u32 nfmask, u8 shift_bits, u8 shift_dir) { enum ip_conntrack_info ctinfo; struct nf_conn *ct; - u_int32_t newmark; - u_int32_t new_targetmark; + u_int32_t newmark = 0; + u_int32_t new_targetmark = 0; ct = nf_ct_get(skb, &ctinfo); if (ct == NULL) return XT_CONTINUE; - switch (info->mode) { + switch (mode) { case XT_CONNMARK_SET: - newmark = (ct->mark & ~info->ctmask) ^ info->ctmark; + newmark = (ct->mark & ~ctmask) ^ ctmark; if (shift_dir == D_SHIFT_RIGHT) newmark >>= shift_bits; else @@ -62,12 +63,12 @@ connmark_tg_shift(struct sk_buff *skb, } break; case XT_CONNMARK_SAVE: - new_targetmark = (skb->mark & info->nfmask); + new_targetmark = (skb->mark & nfmask); if (shift_dir == D_SHIFT_RIGHT) new_targetmark >>= shift_bits; else new_targetmark <<= shift_bits; - newmark = (ct->mark & ~info->ctmask) ^ + newmark = (ct->mark & ~ctmask) ^ new_targetmark; if (ct->mark != newmark) { ct->mark = newmark; @@ -75,12 +76,12 @@ connmark_tg_shift(struct sk_buff *skb, } break; case XT_CONNMARK_RESTORE: - new_targetmark = (ct->mark & info->ctmask); + new_targetmark = (ct->mark & ctmask); if (shift_dir == D_SHIFT_RIGHT) new_targetmark >>= shift_bits; else new_targetmark <<= shift_bits; - newmark = (skb->mark & ~info->nfmask) ^ + newmark = (skb->mark & ~nfmask) ^ new_targetmark; skb->mark = newmark; break; @@ -93,7 +94,8 @@ connmark_tg(struct sk_buff *skb, const struct xt_action_param *par) { const struct xt_connmark_tginfo1 *info = par->targinfo; - return connmark_tg_shift(skb, info, 0, 0); + return connmark_tg_shift(skb, info->mode, info->ctmark, + info->ctmask, info->nfmask, 0, 0); } static unsigned int 
@@ -101,7 +103,8 @@ connmark_tg_v2(struct sk_buff *skb, const struct xt_action_param *par) { const struct xt_connmark_tginfo2 *info = par->targinfo; - return connmark_tg_shift(skb, (const struct xt_connmark_tginfo1 *)info, + return connmark_tg_shift(skb, info->mode, info->ctmark, + info->ctmask, info->nfmask, info->shift_bits, info->shift_dir); }
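Review bot: in the first hunk (@@ -37), the new connmark_tg_shift() signature takes three adjacent u32 arguments (ctmark, ctmask, nfmask) followed by two adjacent u8 arguments (shift_bits, shift_dir), so a caller can transpose any of them without a compiler diagnostic. Taking a single "const struct xt_connmark_tginfo2 *" and having connmark_tg() fill a tginfo2 on the stack from its tginfo1 would remove the cast just as well while keeping one typed argument. The added "= 0" initialisers on newmark and new_targetmark are separate from the cast fix and the commit message does not mention them; if they silence a compiler warning, say so there, otherwise drop them. The parameters also use u32 while the locals keep u_int32_t, which is worth making consistent while the lines are being touched.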
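Review bot: in the connmark_tg() hunk (@@ -93), the call still ends in a bare "0, 0" for shift_bits and shift_dir, while connmark_tg_shift() compares shift_dir against the named constant D_SHIFT_RIGHT. Pass the named direction constant as the last argument so the revision 1 path does not depend on the numeric value of that enum, and add a one-line comment that this path performs no shift, since shift_bits is 0.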
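Review bot: the connmark_tg_v2() hunk (@@ -101) removes the cast "(const struct xt_connmark_tginfo1 *)info", but the commit message only says that "the significance" is lost and that info->mode ends up zero. It should state concretely how the two structs differ, so that a reader can check against the struct definitions why reading mode through the tginfo1 pointer returns the wrong value. The message also lacks a Fixes: tag for the commit that introduced connmark_tg_v2() with this cast; adding one lets the fix be matched to the trees that carry the bug.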