| Message ID | 20180821115556.GA8312@heena.pune.nevisnetworks.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | xtables: Fix for segfault when registering hashlimit extension | expand |
Heena Sirwani <heenasirwani@gmail.com> wrote: > This patch fixes the crash when registering the hashlimit extension > with xtables during init_extensions(when built with static libs) . > The option validation function xtables_option_metavalidate has a > loop termination condition of the entry name being NULL. The loop > does not terminate when validating hashlimit_mt_opts_v2 which causes > a crash on derefencing an invalid entry. Applied, thanks for following up so quickly.
diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c index 70bc615..7d78d85 100644 --- a/extensions/libxt_hashlimit.c +++ b/extensions/libxt_hashlimit.c @@ -205,6 +205,7 @@ static const struct xt_option_entry hashlimit_mt_opts_v2[] = { {.name = "hashlimit-mode", .id = O_MODE, .type = XTTYPE_STRING}, {.name = "hashlimit-name", .id = O_NAME, .type = XTTYPE_STRING, .flags = XTOPT_MAND | XTOPT_PUT, XTOPT_POINTER(s, name), .min = 1}, + XTOPT_TABLEEND, }; #undef s
This patch fixes the crash when registering the hashlimit extension with xtables during init_extensions(when built with static libs) . The option validation function xtables_option_metavalidate has a loop termination condition of the entry name being NULL. The loop does not terminate when validating hashlimit_mt_opts_v2 which causes a crash on derefencing an invalid entry. Signed-off-by: Heena Sirwani <heenasirwani@gmail.com> --- extensions/libxt_hashlimit.c | 1 + 1 file changed, 1 insertion(+)