From patchwork Tue Feb 24 13:43:40 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pablo Neira Ayuso X-Patchwork-Id: 442990 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 00A87140151 for ; Wed, 25 Feb 2015 00:40:19 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751866AbbBXNkR (ORCPT ); Tue, 24 Feb 2015 08:40:17 -0500 Received: from mail.us.es ([193.147.175.20]:34678 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750925AbbBXNkQ (ORCPT ); Tue, 24 Feb 2015 08:40:16 -0500 Received: (qmail 17511 invoked from network); 24 Feb 2015 14:40:15 +0100 Received: from unknown (HELO us.es) (192.168.2.15) by us.es with SMTP; 24 Feb 2015 14:40:15 +0100 Received: (qmail 14273 invoked by uid 507); 24 Feb 2015 13:40:15 -0000 X-Qmail-Scanner-Diagnostics: from 127.0.0.1 by antivirus5 (envelope-from , uid 501) with qmail-scanner-2.10 (clamdscan: 0.98.6/20102. spamassassin: 3.4.0. Clear:RC:1(127.0.0.1):SA:0(-103.2/7.5):. Processed in 4.867599 secs); 24 Feb 2015 13:40:15 -0000 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on antivirus5 X-Spam-Level: X-Spam-Status: No, score=-103.2 required=7.5 tests=BAYES_50, HEADER_FROM_DIFFERENT_DOMAINS, SMTPAUTH_US, SPF_HELO_FAIL, USER_IN_WHITELIST autolearn=disabled version=3.4.0 X-Spam-ASN: AS12715 87.216.0.0/16 X-Envelope-From: pneira@us.es Received: from unknown (HELO antivirus5) (127.0.0.1) by us.es with SMTP; 24 Feb 2015 13:40:10 -0000 Received: from 192.168.1.13 (192.168.1.13) by antivirus5 (F-Secure/fsigk_smtp/412/antivirus5); Tue, 24 Feb 2015 14:40:10 +0100 (CET) X-Virus-Status: clean(F-Secure/fsigk_smtp/412/antivirus5) Received: (qmail 9766 invoked from network); 24 Feb 2015 14:40:10 +0100 Received: from 77.166.216.87.static.jazztel.es (HELO us.es) (1984lsi@87.216.166.77) by mail.us.es with AES128-SHA encrypted SMTP; 24 Feb 2015 14:40:10 +0100 Date: Tue, 24 Feb 2015 14:43:40 +0100 From: Pablo Neira Ayuso To: Alvaro Neira Ayuso Cc: netfilter-devel@vger.kernel.org Subject: Re: [libnftnl PATCH] ruleset: crash in path error when we build the xml tree Message-ID: <20150224134340.GB3589@salvia> References: <1424765433-4975-1-git-send-email-alvaroneay@gmail.com> <1424765433-4975-2-git-send-email-alvaroneay@gmail.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <1424765433-4975-2-git-send-email-alvaroneay@gmail.com> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org On Tue, Feb 24, 2015 at 09:10:33AM +0100, Alvaro Neira Ayuso wrote: > Crash when we try to release a tree that is not initialized. > > Signed-off-by: Alvaro Neira Ayuso > --- > src/ruleset.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/src/ruleset.c b/src/ruleset.c > index 9e8965c..8549130 100644 > --- a/src/ruleset.c > +++ b/src/ruleset.c > @@ -669,8 +669,10 @@ static int nft_ruleset_xml_parse(const void *xml, struct nft_parse_err *err, > nft_ruleset_ctx_set(&ctx, NFT_RULESET_CTX_DATA, arg); > > tree = nft_mxml_build_tree(xml, "nftables", err, input); > - if (tree == NULL) > - goto err; > + if (tree == NULL) { > + nft_set_list_free(ctx.set_list); > + return -1; > + } You have exactly the same problem in nft_ruleset_json_parse(). Have a look at the patch attached, it provides a template on how to fix this. Another different thing: it would be good to use the new 'buffer' class to snprintf the ruleset. diff --git a/src/ruleset.c b/src/ruleset.c index 89ea344..86d8033 100644 --- a/src/ruleset.c +++ b/src/ruleset.c @@ -665,7 +665,7 @@ static int nft_ruleset_xml_parse(const void *xml, struct nft_parse_err *err, tree = nft_mxml_build_tree(xml, "nftables", err, input); if (tree == NULL) - goto err; + goto err1; ctx.xml = tree; @@ -673,16 +673,17 @@ static int nft_ruleset_xml_parse(const void *xml, struct nft_parse_err *err, while (nodecmd != NULL) { cmd = nodecmd->value.opaque; if (nft_ruleset_xml_parse_cmd(cmd, err, &ctx) < 0) - goto err; + goto err2; nodecmd = mxmlWalkNext(tree, tree, MXML_NO_DESCEND); } nft_set_list_free(ctx.set_list); mxmlDelete(tree); return 0; -err: - nft_set_list_free(ctx.set_list); +err2: mxmlDelete(tree); +err1: + nft_set_list_free(ctx.set_list); return -1; #else errno = EOPNOTSUPP;