author | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-11-23 15:31:29 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-11-23 15:31:29 +0100 |
commit | 972e6b3c19f3c79b59804308efac447bd2d016ec (patch) | |
tree | bdf08d9578c43cc24350c11149020f612381566a /src | |
parent | 0f94ee526d87d0e02a742dc22af959e873ce22e2 (diff) |
helper: fix missing copy function for helper name
This patch fixes a NULL dereference to a function pointer in
nfct_copy() that is triggered when you try to copy the helper
name. This patch also adds an assertion to easily report similar
problems in the future.
Thanks to <pageexec@freemail.hu> for his detailed debugging report.
Reported-by: Wolfram Schlich <lists@wolfram.schlich.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/conntrack/api.c | 5 | ||||
-rw-r--r-- | src/conntrack/copy.c | 8 |
2 files changed, 13 insertions, 0 deletions
diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index a5ddbc2..6dae83f 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -892,6 +892,7 @@ void nfct_copy(struct nf_conntrack *ct1,
 if (flags == NFCT_CP_ALL) {
 for (i=0; i<ATTR_MAX; i++) {
 if (test_bit(i, ct2->set)) {
+ assert(copy_attr_array[i]);
 copy_attr_array[i](ct1, ct2);
 set_bit(i, ct1->set);
 }
@@ -917,6 +918,7 @@ void nfct_copy(struct nf_conntrack *ct1,
 if (flags & NFCT_CP_ORIG) {
 for (i=0; i<__CP_ORIG_MAX; i++) {
 if (test_bit(cp_orig_mask[i], ct2->set)) {
+ assert(copy_attr_array[i]);
 copy_attr_array[cp_orig_mask[i]](ct1, ct2);
 set_bit(cp_orig_mask[i], ct1->set);
 }
@@ -938,6 +940,7 @@ void nfct_copy(struct nf_conntrack *ct1,
 if (flags & NFCT_CP_REPL) {
 for (i=0; i<__CP_REPL_MAX; i++) {
 if (test_bit(cp_repl_mask[i], ct2->set)) {
+ assert(copy_attr_array[i]);
 copy_attr_array[cp_repl_mask[i]](ct1, ct2);
 set_bit(cp_repl_mask[i], ct1->set);
 }
@@ -947,6 +950,7 @@ void nfct_copy(struct nf_conntrack *ct1,
 if (flags & NFCT_CP_META) {
 for (i=ATTR_TCP_STATE; i<ATTR_MAX; i++) {
 if (test_bit(i, ct2->set)) {
+ assert(copy_attr_array[i]),
 copy_attr_array[i](ct1, ct2);
 set_bit(i, ct1->set);
 }
@@ -967,6 +971,7 @@ void nfct_copy_attr(struct nf_conntrack *ct1,
 const enum nf_conntrack_attr type)
 {
 if (test_bit(type, ct2->set)) {
+ assert(copy_attr_array[type]);
 copy_attr_array[type](ct1, ct2);
 set_bit(type, ct1->set);
 }
diff --git a/src/conntrack/copy.c b/src/conntrack/copy.c
index 45633f2..a821f08 100644
--- a/src/conntrack/copy.c
+++ b/src/conntrack/copy.c
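Review bot: The `assert(copy_attr_array[i]);` added to the NFCT_CP_ALL loop of src/conntrack/api.c (@@ -892) only protects builds with assertions enabled; if the library is compiled with NDEBUG (the build flags are not visible here), an unpopulated slot is still called through a NULL pointer. An explicit check before the call, `if (copy_attr_array[i] == NULL) continue;`, would keep nfct_copy() from crashing in that case. The same applies to the assertion added to nfct_copy_attr() in the last hunk (@@ -967), where an early return would serve. nfct_copy() begins and ends outside these hunks.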
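Review bot: In the NFCT_CP_ORIG hunk of src/conntrack/api.c (@@ -917) the assertion tests `copy_attr_array[i]`, but the call on the next line goes through `copy_attr_array[cp_orig_mask[i]]`, so the slot that is actually invoked is never checked. It should read `assert(copy_attr_array[cp_orig_mask[i]]);`. The NFCT_CP_REPL hunk (@@ -938) has the same mismatch and needs `assert(copy_attr_array[cp_repl_mask[i]]);`. As written, a NULL entry reached through either mask would still be called without the assertion firing.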
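Review bot: The assertion added to the NFCT_CP_META loop of src/conntrack/api.c (@@ -947) ends in a comma, `assert(copy_attr_array[i]),`, which joins it to the following call with the comma operator. It still compiles and, as far as the visible lines show, behaves the same, but it differs from the other four assertions and is easy to misread. End it with a semicolon: `assert(copy_attr_array[i]);`.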
@@ -370,6 +370,13 @@ static void copy_attr_repl_off_aft(struct nf_conntrack *dest,
 orig->tuple[__DIR_REPL].natseq.offset_after;
 }
 
+static void copy_attr_helper_name(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ strncpy(dest->helper_name, orig->helper_name, __NFCT_HELPER_NAMELEN);
+ dest->helper_name[__NFCT_HELPER_NAMELEN-1] = '\0';
+}
+
 copy_attr copy_attr_array[ATTR_MAX] = {
 [ATTR_ORIG_IPV4_SRC] = copy_attr_orig_ipv4_src,
 [ATTR_ORIG_IPV4_DST] = copy_attr_orig_ipv4_dst,
@@ -426,4 +433,5 @@ copy_attr copy_attr_array[ATTR_MAX] = {
 [ATTR_SCTP_STATE] = copy_attr_sctp_state,
 [ATTR_SCTP_VTAG_ORIG] = copy_attr_sctp_vtag_orig,
 [ATTR_SCTP_VTAG_REPL] = copy_attr_sctp_vtag_repl,
+ [ATTR_HELPER_NAME] = copy_attr_helper_name,
 }; |
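Review bot: copy_attr_helper_name() in src/conntrack/copy.c (@@ -370) bounds both the strncpy() and the terminator index with the constant `__NFCT_HELPER_NAMELEN` rather than with the destination field. The declaration of `helper_name` is not in this hunk, so whether the two sizes agree cannot be checked here. If `helper_name` is an array member, tying the bound to it keeps the copy and the field from drifting apart: `strncpy(dest->helper_name, orig->helper_name, sizeof(dest->helper_name));` followed by `dest->helper_name[sizeof(dest->helper_name) - 1] = '\0';`. A short comment saying the explicit terminator is needed because strncpy() does not NUL-terminate on truncation would also help the next reader.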
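Review bot: The table extended in src/conntrack/copy.c (@@ -426) uses designated initializers, so any `ATTR_*` without a line in it is silently left NULL, which is the condition this commit repairs for the helper name. A comment at the head of `copy_attr_array` would make that contract visible to whoever adds the next attribute, for example `/* every attribute below ATTR_MAX needs an entry: nfct_copy() and nfct_copy_attr() call through this table */`. The table opens in the previous hunk and its middle is not shown, so other missing entries cannot be ruled out from this diff.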