From 3af72f100ad783b0204ce519de26a639f920b558 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Thu, 30 Sep 2021 14:56:31 +0200 Subject: libebtc: fix malloc usage Rule insertion may fail on systems where libc doesn't provided zeroed memory via malloc (which is legal). IOW, this was never guaranteed to work correctly. Add a xzalloc wrapper to do error checking and zeroing and then use it in libebtc. Reported-and-tested-by: Senthil Kumar Balasubramanian Diagnosed-by: Phil Sutter Signed-off-by: Florian Westphal
---
 libebtc.c | 60 ++++++++++++++++++++++++------------------------------------
 1 file changed, 24 insertions(+), 36 deletions(-)
diff --git a/libebtc.c b/libebtc.c
index 112c307..1cc1016 100644
--- a/libebtc.c
+++ b/libebtc.c
@@ -41,6 +41,18 @@ static void decrease_chain_jumps(struct ebt_u_replace *replace);
 static int iterate_entries(struct ebt_u_replace *replace, int type);
+static void *xzalloc(size_t s)
+{
+ void *p = malloc(s);
+
+ if (!p)
+ ebt_print_memory();
+
+ memset(p, 0, s);
+
+ return p;
+}
+
 /* The standard names */
 const char *ebt_hooknames[NF_BR_NUMHOOKS] = {
@@ -266,9 +278,7 @@ void ebt_reinit_extensions()
 for (m = ebt_matches; m; m = m->next) {
 if (m->used) {
 size = EBT_ALIGN(m->size) + sizeof(struct ebt_entry_match);
- m->m = (struct ebt_entry_match *)malloc(size);
- if (!m->m)
- ebt_print_memory();
+ m->m = xzalloc(size);
 strcpy(m->m->u.name, m->name);
 m->m->u.revision = m->revision;
 m->m->match_size = EBT_ALIGN(m->size);
@@ -280,9 +290,7 @@ void ebt_reinit_extensions()
 for (w = ebt_watchers; w; w = w->next) {
 if (w->used) {
 size = EBT_ALIGN(w->size) + sizeof(struct ebt_entry_watcher);
- w->w = (struct ebt_entry_watcher *)malloc(size);
- if (!w->w)
- ebt_print_memory();
+ w->w = xzalloc(size);
 strcpy(w->w->u.name, w->name);
 w->w->watcher_size = EBT_ALIGN(w->size);
 w->used = 0;
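Review bot: In the new `xzalloc()`, `memset(p, 0, s)` runs unconditionally after the NULL check, so the helper is only safe if `ebt_print_memory()` never returns; its definition is not part of this diff. Allocating with `void *p = calloc(1, s);` and keeping `if (!p) ebt_print_memory();` gives the same zeroed result without a separate write through a pointer that might be NULL. If termination on failure is the intended contract, a one-line comment above the helper such as `/* zeroed allocation; does not return on failure */` would record what the callers now rely on after dropping their own checks.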
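Review bot: The context line `strcpy(m->m->u.name, m->name);` in ebt_reinit_extensions() still copies into the freshly allocated header with no length bound. The same pattern follows the converted allocations in the watcher and target loops, in ebt_register_match(), ebt_register_watcher() and ebt_register_target(), and as `strcpy(new->name, name);` in ebt_new_chain(), where the source is a caller-supplied `const char *`. The destination sizes are not visible here, so whether an earlier check bounds these names cannot be confirmed from the diff. If the fields are fixed arrays, a bounded copy such as `snprintf(m->m->u.name, sizeof(m->m->u.name), "%s", m->name);` keeps an over-long name from writing past the field. These function bodies start and end outside the hunks.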
@@ -293,9 +301,7 @@ void ebt_reinit_extensions()
 for (t = ebt_targets; t; t = t->next) {
 if (t->used) {
 size = EBT_ALIGN(t->size) + sizeof(struct ebt_entry_target);
- t->t = (struct ebt_entry_target *)malloc(size);
- if (!t->t)
- ebt_print_memory();
+ t->t = xzalloc(size);
 strcpy(t->t->u.name, t->name);
 t->t->target_size = EBT_ALIGN(t->size);
 t->used = 0;
@@ -645,9 +651,7 @@ void ebt_add_rule(struct ebt_u_replace *replace, struct ebt_u_entry *new_entry,
 new_entry->prev = u_e->prev;
 u_e->prev->next = new_entry;
 u_e->prev = new_entry;
- new_cc = (struct ebt_cntchanges *)malloc(sizeof(struct ebt_cntchanges));
- if (!new_cc)
- ebt_print_memory();
+ new_cc = xzalloc(sizeof(struct ebt_cntchanges));
 new_cc->type = CNT_ADD;
 new_cc->change = 0;
 if (new_entry->next == entries->entries) {
@@ -861,18 +865,14 @@ void ebt_new_chain(struct ebt_u_replace *replace, const char *name, int policy)
 if (replace->num_chains == replace->max_chains) ebt_double_chains(replace);
- new = (struct ebt_u_entries *)malloc(sizeof(struct ebt_u_entries));
- if (!new)
- ebt_print_memory();
+ new = xzalloc(sizeof(struct ebt_u_entries));
 replace->chains[replace->num_chains++] = new;
 new->nentries = 0;
 new->policy = policy;
 new->counter_offset = replace->nentries;
 new->hook_mask = 0;
 strcpy(new->name, name);
- new->entries = (struct ebt_u_entry *)malloc(sizeof(struct ebt_u_entry));
- if (!new->entries)
- ebt_print_memory();
+ new->entries = xzalloc(sizeof(struct ebt_u_entry));
 new->entries->next = new->entries->prev = new->entries;
 new->kernel_start = NULL;
 }
@@ -1041,7 +1041,7 @@ void ebt_check_for_loops(struct ebt_u_replace *replace)
 }
 if (replace->num_chains == NF_BR_NUMHOOKS) return;
- stack = (struct ebt_u_stack *)malloc((replace->num_chains - NF_BR_NUMHOOKS) * sizeof(struct ebt_u_stack));
+ stack = calloc((replace->num_chains - NF_BR_NUMHOOKS), sizeof(struct ebt_u_stack));
 if (!stack) ebt_print_memory();
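Review bot: In ebt_check_for_loops() the element count `replace->num_chains - NF_BR_NUMHOOKS` is guarded only by the equality test just above it, so a `num_chains` below `NF_BR_NUMHOOKS` would reach `calloc()` as a very large `size_t`. calloc() fails on such a count and on an overflowing product, so the path ends in `ebt_print_memory()` rather than an undersized buffer. Assuming fewer chains than hooks is never valid, the guard would state the intent better as `if (replace->num_chains <= NF_BR_NUMHOOKS) return;`. A short comment such as `/* calloc: zeroed, and the count * size product is overflow-checked */` would also explain why this site does not use xzalloc(). The function body extends beyond the hunk.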
@@ -1111,10 +1111,7 @@ void ebt_add_match(struct ebt_u_entry *new_entry, struct ebt_u_match *m)
 struct ebt_u_match_list **m_list, *new;
 for (m_list = &new_entry->m_list; *m_list; m_list = &(*m_list)->next);
- new = (struct ebt_u_match_list *)
- malloc(sizeof(struct ebt_u_match_list));
- if (!new)
- ebt_print_memory();
+ new = xzalloc(sizeof(struct ebt_u_match_list));
 *m_list = new;
 new->next = NULL;
 new->m = (struct ebt_entry_match *)m;
@@ -1126,10 +1123,7 @@ void ebt_add_watcher(struct ebt_u_entry *new_entry, struct ebt_u_watcher *w)
 struct ebt_u_watcher_list *new;
 for (w_list = &new_entry->w_list; *w_list; w_list = &(*w_list)->next);
- new = (struct ebt_u_watcher_list *)
- malloc(sizeof(struct ebt_u_watcher_list));
- if (!new)
- ebt_print_memory();
+ new = xzalloc(sizeof(struct ebt_u_watcher_list));
 *w_list = new;
 new->next = NULL;
 new->w = (struct ebt_entry_watcher *)w;
@@ -1206,9 +1200,7 @@ void ebt_register_match(struct ebt_u_match *m)
 int size = EBT_ALIGN(m->size) + sizeof(struct ebt_entry_match);
 struct ebt_u_match **i;
- m->m = (struct ebt_entry_match *)malloc(size);
- if (!m->m)
- ebt_print_memory();
+ m->m = xzalloc(size);
 strcpy(m->m->u.name, m->name);
 m->m->u.revision = m->revision;
 m->m->match_size = EBT_ALIGN(m->size);
@@ -1224,9 +1216,7 @@ void ebt_register_watcher(struct ebt_u_watcher *w)
 int size = EBT_ALIGN(w->size) + sizeof(struct ebt_entry_watcher);
 struct ebt_u_watcher **i;
- w->w = (struct ebt_entry_watcher *)malloc(size);
- if (!w->w)
- ebt_print_memory();
+ w->w = xzalloc(size);
 strcpy(w->w->u.name, w->name);
 w->w->watcher_size = EBT_ALIGN(w->size);
 w->init(w->w);
@@ -1241,9 +1231,7 @@ void ebt_register_target(struct ebt_u_target *t)
 int size = EBT_ALIGN(t->size) + sizeof(struct ebt_entry_target);
 struct ebt_u_target **i;
- t->t = (struct ebt_entry_target *)malloc(size);
- if (!t->t)
- ebt_print_memory();
+ t->t = xzalloc(size);
 strcpy(t->t->u.name, t->name);
 t->t->target_size = EBT_ALIGN(t->size);
 t->init(t->t);
--
cgit v1.2.3
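Review bot: `int size = EBT_ALIGN(m->size) + sizeof(struct ebt_entry_match);` in ebt_register_match() stores a `size_t` sum in an `int` and then passes it to `xzalloc(size_t s)`, so the length is narrowed and widened again on its way to the allocator. ebt_register_watcher() and ebt_register_target() declare `size` the same way. Since the only consumer visible in these hunks takes a `size_t`, declaring it as `size_t size = EBT_ALIGN(m->size) + sizeof(struct ebt_entry_match);` removes the sign conversion. The function bodies continue outside the hunks, so any other use of `size` should be checked before changing the type.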