LKML Archive mirror
* [PATCH 2/3] netfilter: potential null derefence.
@ 2012-03-01  9:17 santosh nayak
  2012-03-01 10:21 ` Pablo Neira Ayuso
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: santosh nayak @ 2012-03-01  9:17 UTC
  To: bart.de.schuymer
  Cc: pablo, kaber, shemminger, davem, netfilter-devel, netfilter,
	coreteam, bridge, netdev, linux-kernel, kernel-janitors,
	Santosh Nayak

From: Santosh Nayak <santoshprasadnayak@gmail.com>

I am getting the following error.
" net/bridge/netfilter/ebtables.c:269 ebt_do_table()
  error: potential null derefence 'cs'"

    i = cs[sp].n;  // If cs == Null then this will cause problem.

Signed-off-by: Santosh Nayak <santoshprasadnayak@gmail.com>
---
 net/bridge/netfilter/ebtables.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index f3fcbd9..9c0f177 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -209,8 +209,10 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
 	   smp_processor_id());
 	if (private->chainstack)
 		cs = private->chainstack[smp_processor_id()];
-	else
+	else {
 		cs = NULL;
+		goto out;
+	}
 	chaininfo = private->hook_entry[hook];
 	nentries = private->hook_entry[hook]->nentries;
 	point = (struct ebt_entry *)(private->hook_entry[hook]->data);
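
Review bot: the new `goto out` in the else branch turns a NULL private->chainstack into an early exit, and because `out:` in the second hunk sits directly above `return NF_DROP`, every frame on a table without a chainstack would be dropped before any rule is evaluated. The changelog cites only the checker warning at line 269, which is outside this hunk; it should show a path that actually reaches `cs[sp]` with cs NULL before the verdict is changed. The `cs = NULL;` kept ahead of the `goto` is also a dead store now and can go.
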
@@ -313,6 +315,7 @@ letscontinue:
 		read_unlock_bh(&table->lock);
 		return NF_ACCEPT;
 	}
+out:
 	read_unlock_bh(&table->lock);
 	return NF_DROP;
 }
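
Review bot: the `out:` label reuses the function's final `read_unlock_bh(&table->lock); return NF_DROP;`, so the early exit silently inherits a drop verdict, and nothing in the code or the changelog says why drop rather than accept is correct when there is no chainstack. If an early exit is kept, give it a commented exit of its own, or a label name that states the verdict, and justify that verdict in the changelog.
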
-- 
1.7.4.4


* Re: [PATCH 2/3] netfilter: potential null derefence.
  2012-03-01  9:17 [PATCH 2/3] netfilter: potential null derefence santosh nayak
@ 2012-03-01 10:21 ` Pablo Neira Ayuso
  2012-03-01 10:23   ` santosh prasad nayak
  2012-03-01 12:30 ` Pablo Neira Ayuso
  2012-03-02  1:22 ` Pablo Neira Ayuso
  2 siblings, 1 reply; 7+ messages in thread
From: Pablo Neira Ayuso @ 2012-03-01 10:21 UTC
  To: santosh nayak
  Cc: bart.de.schuymer, kaber, shemminger, davem, netfilter-devel,
	netfilter, coreteam, bridge, netdev, linux-kernel,
	kernel-janitors

On Thu, Mar 01, 2012 at 02:47:14PM +0530, santosh nayak wrote:
> From: Santosh Nayak <santoshprasadnayak@gmail.com>
> 
> I am getting the following error.
> " net/bridge/netfilter/ebtables.c:269 ebt_do_table()
>   error: potential null derefence 'cs'"
> 
>     i = cs[sp].n;  // If cs == Null then this will cause problem.
> 
> Signed-off-by: Santosh Nayak <santoshprasadnayak@gmail.com>
> ---
>  net/bridge/netfilter/ebtables.c |    5 ++++-
>  1 files changed, 4 insertions(+), 1 deletions(-)
> 
> diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
> index f3fcbd9..9c0f177 100644
> --- a/net/bridge/netfilter/ebtables.c
> +++ b/net/bridge/netfilter/ebtables.c
> @@ -209,8 +209,10 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
>  	   smp_processor_id());
>  	if (private->chainstack)
>  		cs = private->chainstack[smp_processor_id()];
> -	else
> +	else {
>  		cs = NULL;
> +		goto out;

There is no "out" label in ebt_do_table !!

* Re: [PATCH 2/3] netfilter: potential null derefence.
  2012-03-01 10:21 ` Pablo Neira Ayuso
@ 2012-03-01 10:23   ` santosh prasad nayak
  0 siblings, 0 replies; 7+ messages in thread
From: santosh prasad nayak @ 2012-03-01 10:23 UTC
  To: Pablo Neira Ayuso
  Cc: bart.de.schuymer, kaber, shemminger, davem, netfilter-devel,
	netfilter, coreteam, bridge, netdev, linux-kernel,
	kernel-janitors

Hi Pablo,

Please look at the last line of my patch.
I have added a new label "out"

regards
santosh

On Thu, Mar 1, 2012 at 3:51 PM, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> On Thu, Mar 01, 2012 at 02:47:14PM +0530, santosh nayak wrote:
>> From: Santosh Nayak <santoshprasadnayak@gmail.com>
>>
>> I am getting the following error.
>> " net/bridge/netfilter/ebtables.c:269 ebt_do_table()
>>   error: potential null derefence 'cs'"
>>
>>     i = cs[sp].n;  // If cs == Null then this will cause problem.
>>
>> Signed-off-by: Santosh Nayak <santoshprasadnayak@gmail.com>
>> ---
>>  net/bridge/netfilter/ebtables.c |    5 ++++-
>>  1 files changed, 4 insertions(+), 1 deletions(-)
>>
>> diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
>> index f3fcbd9..9c0f177 100644
>> --- a/net/bridge/netfilter/ebtables.c
>> +++ b/net/bridge/netfilter/ebtables.c
>> @@ -209,8 +209,10 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
>>          smp_processor_id());
>>       if (private->chainstack)
>>               cs = private->chainstack[smp_processor_id()];
>> -     else
>> +     else {
>>               cs = NULL;
>> +             goto out;
>
> There is no "out" label in ebt_do_table !!

* Re: [PATCH 2/3] netfilter: potential null derefence.
  2012-03-01  9:17 [PATCH 2/3] netfilter: potential null derefence santosh nayak
  2012-03-01 10:21 ` Pablo Neira Ayuso
@ 2012-03-01 12:30 ` Pablo Neira Ayuso
  2012-03-02 21:31   ` [Bridge] " Bart De Schuymer
  2012-03-02  1:22 ` Pablo Neira Ayuso
  2 siblings, 1 reply; 7+ messages in thread
From: Pablo Neira Ayuso @ 2012-03-01 12:30 UTC
  To: santosh nayak
  Cc: bart.de.schuymer, kaber, shemminger, davem, netfilter-devel,
	netfilter, coreteam, bridge, netdev, linux-kernel,
	kernel-janitors

On Thu, Mar 01, 2012 at 02:47:14PM +0530, santosh nayak wrote:
> From: Santosh Nayak <santoshprasadnayak@gmail.com>
> 
> I am getting the following error.
> " net/bridge/netfilter/ebtables.c:269 ebt_do_table()
>   error: potential null derefence 'cs'"
> 
>     i = cs[sp].n;  // If cs == Null then this will cause problem.

Very sorry, I didn't see the out label.

I'll apply this to my nf [1] once David takes my previous request for
pulling.

[1] http://1984.lsi.us.es/git/net

* Re: [PATCH 2/3] netfilter: potential null derefence.
  2012-03-01  9:17 [PATCH 2/3] netfilter: potential null derefence santosh nayak
  2012-03-01 10:21 ` Pablo Neira Ayuso
  2012-03-01 12:30 ` Pablo Neira Ayuso
@ 2012-03-02  1:22 ` Pablo Neira Ayuso
  2 siblings, 0 replies; 7+ messages in thread
From: Pablo Neira Ayuso @ 2012-03-02  1:22 UTC
  To: santosh nayak
  Cc: bart.de.schuymer, kaber, shemminger, davem, netfilter-devel,
	netfilter, coreteam, bridge, netdev, linux-kernel,
	kernel-janitors

On Thu, Mar 01, 2012 at 02:47:14PM +0530, santosh nayak wrote:
> From: Santosh Nayak <santoshprasadnayak@gmail.com>
> 
> I am getting the following error.
> " net/bridge/netfilter/ebtables.c:269 ebt_do_table()
>   error: potential null derefence 'cs'"
> 
>     i = cs[sp].n;  // If cs == Null then this will cause problem.
> 
> Signed-off-by: Santosh Nayak <santoshprasadnayak@gmail.com>
> ---
>  net/bridge/netfilter/ebtables.c |    5 ++++-
>  1 files changed, 4 insertions(+), 1 deletions(-)
> 
> diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
> index f3fcbd9..9c0f177 100644
> --- a/net/bridge/netfilter/ebtables.c
> +++ b/net/bridge/netfilter/ebtables.c
> @@ -209,8 +209,10 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
>  	   smp_processor_id());
>  	if (private->chainstack)
>  		cs = private->chainstack[smp_processor_id()];
> -	else
> +	else {
>  		cs = NULL;

I just noticed we can remove this cs = NULL. No need to resend, I'll
mangle it myself.

> +		goto out;
> +	}
>  	chaininfo = private->hook_entry[hook];
>  	nentries = private->hook_entry[hook]->nentries;
>  	point = (struct ebt_entry *)(private->hook_entry[hook]->data);
> @@ -313,6 +315,7 @@ letscontinue:
>  		read_unlock_bh(&table->lock);
>  		return NF_ACCEPT;
>  	}
> +out:
>  	read_unlock_bh(&table->lock);
>  	return NF_DROP;
>  }
> -- 
> 1.7.4.4
> 

* Re: [Bridge] [PATCH 2/3] netfilter: potential null derefence.
  2012-03-01 12:30 ` Pablo Neira Ayuso
@ 2012-03-02 21:31   ` Bart De Schuymer
  2012-03-03  9:11     ` Pablo Neira Ayuso
  0 siblings, 1 reply; 7+ messages in thread
From: Bart De Schuymer @ 2012-03-02 21:31 UTC
  To: Pablo Neira Ayuso
  Cc: santosh nayak, netfilter, coreteam, netdev, bridge,
	kernel-janitors, linux-kernel, davem, bart.de.schuymer,
	netfilter-devel, shemminger

On 1/03/2012 13:30, Pablo Neira Ayuso wrote:
> On Thu, Mar 01, 2012 at 02:47:14PM +0530, santosh nayak wrote:
>> From: Santosh Nayak<santoshprasadnayak@gmail.com>
>>
>> I am getting the following error.
>> " net/bridge/netfilter/ebtables.c:269 ebt_do_table()
>>    error: potential null derefence 'cs'"
>>
>>      i = cs[sp].n;  // If cs == Null then this will cause problem.
>
> Very sorry, I didn't see the out label.
>
> I'll apply this to my nf [1] once David takes my previous request for
> pulling.
>

Hi,

Has this patch been tested? Really, that code in the core firewall 
function is there for a reason, wouldn't you think?
The chainstack is only allocated when user-defined chains are used (see 
translate_table).
Never blindly trust a tool.

Bart

* Re: [Bridge] [PATCH 2/3] netfilter: potential null derefence.
  2012-03-02 21:31   ` [Bridge] " Bart De Schuymer
@ 2012-03-03  9:11     ` Pablo Neira Ayuso
  0 siblings, 0 replies; 7+ messages in thread
From: Pablo Neira Ayuso @ 2012-03-03  9:11 UTC
  To: Bart De Schuymer
  Cc: santosh nayak, netfilter, coreteam, netdev, bridge,
	kernel-janitors, linux-kernel, davem, bart.de.schuymer,
	netfilter-devel, shemminger

On Fri, Mar 02, 2012 at 10:31:23PM +0100, Bart De Schuymer wrote:
> On 1/03/2012 13:30, Pablo Neira Ayuso wrote:
> >On Thu, Mar 01, 2012 at 02:47:14PM +0530, santosh nayak wrote:
> >>From: Santosh Nayak<santoshprasadnayak@gmail.com>
> >>
> >>I am getting the following error.
> >>" net/bridge/netfilter/ebtables.c:269 ebt_do_table()
> >>   error: potential null derefence 'cs'"
> >>
> >>     i = cs[sp].n;  // If cs == Null then this will cause problem.
> >
> >Very sorry, I didn't see the out label.
> >
> >I'll apply this to my nf [1] once David takes my previous request for
> >pulling.
> >
> 
> Hi,
> 
> Has this patch been tested? Really, that code in the core firewall
> function is there for a reason, wouldn't you think?
> The chainstack is only allocated when user-defined chains are used
> (see translate_table).
> Never blindly trust a tool.

I see, then that cs NULL dereference never happens.

Thanks Bart, I'll drop this patch.

^ permalink raw reply	[flat|nested] 7+ messages in thread
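
The invariant Bart points to, as an added C model that is not part of the thread and not code from ebtables.c: the stack exists only when user-defined chains exist, and it is touched only when one is entered or left. Every name, the ruleset layout and the forward-only jump rule are assumptions made for the model; `patched` switches on an early exit like the one the patch proposed.

```c
/* Constructed model, not kernel code: all names and values are hypothetical. */
#include <stdlib.h>
enum verdict { V_DROP, V_ACCEPT };
enum action { ACT_ACCEPT, ACT_JUMP, ACT_RETURN };
struct rule  { enum action act; int target; };  /* target: chain index for ACT_JUMP */
struct chain { const struct rule *rules; int n; };
struct frame { int chain, next; };               /* resume point after a return */

/* Load time: jumps only go to a later chain; stack allocated only if user chains exist. */
static int translate(const struct chain *c, int nchains, struct frame **cs)
{
    for (int k = 0; k < nchains; k++)
        for (int i = 0; i < c[k].n; i++)
            if (c[k].rules[i].act == ACT_JUMP &&
                (c[k].rules[i].target <= k || c[k].rules[i].target >= nchains))
                return -1;
    *cs = nchains > 1 ? calloc(nchains - 1, sizeof(struct frame)) : NULL;
    return (nchains > 1 && !*cs) ? -1 : 0;
}

/* Packet time: cs is used only on a jump or on a return with sp > 0, neither
 * reachable when cs is NULL. patched != 0 adds the patch's early exit. */
static enum verdict do_table(const struct chain *chains, struct frame *cs, int patched)
{
    int sp = 0, chain = 0, i = 0;
    if (!cs && patched) return V_DROP;
    for (;;) {
        const struct chain *c = &chains[chain];
        if (i >= c->n || c->rules[i].act == ACT_RETURN) {
            if (sp == 0) return V_DROP;          /* base chain done: default drop */
            sp--; chain = cs[sp].chain; i = cs[sp].next;
        } else if (c->rules[i].act == ACT_JUMP) {
            cs[sp].chain = chain; cs[sp].next = i + 1; sp++;
            chain = c->rules[i].target; i = 0;
        } else return V_ACCEPT;
    }
}
/* Constructed rulesets: one without and one with a user-defined chain. */
static const struct rule flat_r[] = { { ACT_ACCEPT, 0 } }, user_r[] = { { ACT_RETURN, 0 } };
static const struct rule base_r[] = { { ACT_JUMP, 1 }, { ACT_ACCEPT, 0 } };
static const struct chain flat[] = { { flat_r, 1 } };
static const struct chain nested[] = { { base_r, 2 }, { user_r, 1 } };
static enum verdict run(const struct chain *c, int nchains, int patched)
{
    struct frame *cs = NULL;
    enum verdict v = translate(c, nchains, &cs) ? V_DROP : do_table(c, cs, patched);
    free(cs);
    return v;
}
```

With `patched` set, the `flat` ruleset flips from accept to drop while `nested` is unaffected, so the change would only show up on tables that never needed a stack.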
