| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Use a more modern alternative to bzip2.
Suggested-by: Jan Engelhardt <jengelh@inai.de>
Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In nfct_helper_nlmsg_build_policy(), we always set the attribute type to
NFCTH_POLICY_SET, so we cannot add more than one nfct_helper_policy to
the kernel.
Also: in nfct_helper_nlmsg_parse_policy(), we will increase the
helper->policy_num for each nfct_helper_policy, but we mistakenly set it
to the total number of nfct_helper_policy. So when the total number is
more than 3, later out of bound access will happen.
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
NFCTH_PRIV_DATA_LEN is a must attribute required by the kernel when
creating the cthelper, add it now. Otherwise -EINVAL will be returned.
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After inputting the following test command, core dump happened:
# ./examples/nfct-helper-add test 1
*** Error in
`.../libnetfilter_cthelper/examples/.libs/lt-nfct-helper-add':
double free or corruption (fasttop): 0x0000000001f3c070 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x77de5)[0x7fd9ebe88de5]
/lib64/libc.so.6(+0x8022a)[0x7fd9ebe9122a]
/lib64/libc.so.6(cfree+0x4c)[0x7fd9ebe9478c]
[...]
Because "struct nfct_helper_policy *p" had been freed by nfct_helper_free,
so there's no need to invoke nfct_helper_policy_free again, otherwise
double free error will happen.
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
clang is sensitive to the ordering of
__attribute__((visibility("default"))) relative to the function
body. gcc is not. So if we try to re-declare an existing function
with default visibility, clang prints a warning and generates
a broken .so file in which nfct_helper_* are not exported to library
callers.
Move the attribute up into the function definition to make clang happy.
Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Felix Janda <felix.janda@posteo.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
Fixes: https://bugzilla.netfilter.org/show_bug.cgi?id=990
Signed-off-by: Christopher Horler <cshorler@googlemail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
|
|
|
|
|
|
|
|
| |
/usr/share/automake-1.12/am/ltlibrary.am: warning:
'libnetfilter_cthelper.la': linking libtool libraries using a non-POSIX
archiver requires 'AM_PROG_AR' in 'configure.ac'
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
|
|
|
|
|
|
|
|
|
|
| |
The licensing terms of this library were pretty inconsistent.
This library is GPLv2+.
Thanks to Jan Engelhardt and openSUSE legal team for spotting this.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
to adapt it to the new API
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This patch includes the modification of the snprintf interface and
the completition of the expectation policy handling.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
Fix wrong content.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This file contained the old NFNL_SUBSYS_CTHELPER, before the
cttimeout infrastructure was added.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
New attribute that is mandatory to set the size of the private data.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|