diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-09-19 18:09:31 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-11-03 12:23:37 +0100 |
| commit | 6ec23b38a39ff04604b55653d07637853a3ec176 (patch) | |
| tree | c6371de70384afeac9369ffa582667ace54f0986 /src/datatype.c | |
| parent | 5114ab50f786709cb2ac53a6bf006f1c40718526 (diff) | |
datatype: initialize TYPE_CT_LABEL slot in datatype array
commit 1b235f9962a059a599d9a9ecce477ed71e328e89 upstream.
Otherwise, ct label with concatenations such as:
table ip x {
chain y {
ct label . ct mark { 0x1 . 0x1 }
}
}
crashes:
../include/datatype.h:196:11: runtime error: member access within null pointer of type 'const struct datatype'
AddressSanitizer:DEADLYSIGNAL
=================================================================
==640948==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fc970d3199b bp 0x7fffd1f20560 sp 0x7fffd1f20540 T0)
==640948==The signal is caused by a READ memory access.
==640948==Hint: address points to the zero page.
sudo #0 0x7fc970d3199b in datatype_equal ../include/datatype.h:196
Fixes: 2fcce8b0677b ("ct: connlabel matching support")
Reported-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/datatype.c')
| -rw-r--r-- | src/datatype.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/datatype.c b/src/datatype.c index dcda32c8..81b8b4d5 100644 --- a/src/datatype.c +++ b/src/datatype.c @@ -62,6 +62,7 @@ static const struct datatype *datatypes[TYPE_MAX + 1] = { [TYPE_CT_DIR] = &ct_dir_type, [TYPE_CT_STATUS] = &ct_status_type, [TYPE_ICMP6_TYPE] = &icmp6_type_type, + [TYPE_CT_LABEL] = &ct_label_type, [TYPE_PKTTYPE] = &pkttype_type, [TYPE_ICMP_CODE] = &icmp_code_type, [TYPE_ICMPV6_CODE] = &icmpv6_code_type, |