|
 |
349a7a |
From 2747cab9c49b570347c86ff59daec93a1432b0bc Mon Sep 17 00:00:00 2001
|
|
|
349a7a |
From: Phil Sutter <psutter@redhat.com>
|
|
|
349a7a |
Date: Wed, 27 Apr 2022 14:37:00 +0200
|
|
|
349a7a |
Subject: [PATCH] mnl: do not use expr->identifier to fetch device name
|
|
|
349a7a |
|
|
|
349a7a |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2070924
|
|
|
349a7a |
Upstream Status: nftables commit 78bbe7f7a55be
|
|
|
349a7a |
|
|
|
349a7a |
commit 78bbe7f7a55be48909067e25900de27623d8fa6a
|
|
|
349a7a |
Author: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
349a7a |
Date: Wed Feb 19 21:05:26 2020 +0100
|
|
|
349a7a |
|
|
|
349a7a |
mnl: do not use expr->identifier to fetch device name
|
|
|
349a7a |
|
|
|
349a7a |
This string might not be nul-terminated, resulting in spurious errors
|
|
|
349a7a |
when adding netdev chains.
|
|
|
349a7a |
|
|
|
349a7a |
Fixes: 3fdc7541fba0 ("src: add multidevice support for netdev chain")
|
|
|
349a7a |
Fixes: 92911b362e90 ("src: add support to add flowtables")
|
|
|
349a7a |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
349a7a |
---
|
|
|
349a7a |
src/mnl.c | 33 +++++++++++++++++++++++++++++----
|
|
|
349a7a |
src/parser_bison.y | 6 +++---
|
|
|
349a7a |
2 files changed, 32 insertions(+), 7 deletions(-)
|
|
|
349a7a |
|
|
|
349a7a |
diff --git a/src/mnl.c b/src/mnl.c
|
|
|
349a7a |
index 44cf1a4..f881d97 100644
|
|
|
349a7a |
--- a/src/mnl.c
|
|
|
349a7a |
+++ b/src/mnl.c
|
|
|
349a7a |
@@ -26,6 +26,7 @@
|
|
|
349a7a |
|
|
|
349a7a |
#include <mnl.h>
|
|
|
349a7a |
#include <string.h>
|
|
|
349a7a |
+#include <net/if.h>
|
|
|
349a7a |
#include <sys/socket.h>
|
|
|
349a7a |
#include <arpa/inet.h>
|
|
|
349a7a |
#include <fcntl.h>
|
|
|
349a7a |
@@ -529,7 +530,9 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd,
|
|
|
349a7a |
{
|
|
|
349a7a |
int priority, policy, i = 0;
|
|
|
349a7a |
struct nftnl_chain *nlc;
|
|
|
349a7a |
+ unsigned int ifname_len;
|
|
|
349a7a |
const char **dev_array;
|
|
|
349a7a |
+ char ifname[IFNAMSIZ];
|
|
|
349a7a |
struct nlmsghdr *nlh;
|
|
|
349a7a |
struct expr *expr;
|
|
|
349a7a |
int dev_array_len;
|
|
|
349a7a |
@@ -562,7 +565,12 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd,
|
|
|
349a7a |
dev_array = xmalloc(sizeof(char *) * 8);
|
|
|
349a7a |
dev_array_len = 8;
|
|
|
349a7a |
list_for_each_entry(expr, &cmd->chain->dev_expr->expressions, list) {
|
|
|
349a7a |
- dev_array[i++] = expr->identifier;
|
|
|
349a7a |
+ ifname_len = div_round_up(expr->len, BITS_PER_BYTE);
|
|
|
349a7a |
+ memset(ifname, 0, sizeof(ifname));
|
|
|
349a7a |
+ mpz_export_data(ifname, expr->value,
|
|
|
349a7a |
+ BYTEORDER_HOST_ENDIAN,
|
|
|
349a7a |
+ ifname_len);
|
|
|
349a7a |
+ dev_array[i++] = xstrdup(ifname);
|
|
|
349a7a |
if (i == dev_array_len) {
|
|
|
349a7a |
dev_array_len *= 2;
|
|
|
349a7a |
dev_array = xrealloc(dev_array,
|
|
|
349a7a |
@@ -577,6 +585,10 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd,
|
|
|
349a7a |
nftnl_chain_set_data(nlc, NFTNL_CHAIN_DEVICES, dev_array,
|
|
|
349a7a |
sizeof(char *) * dev_array_len);
|
|
|
349a7a |
|
|
|
349a7a |
+ i = 0;
|
|
|
349a7a |
+ while (dev_array[i] != NULL)
|
|
|
349a7a |
+ xfree(dev_array[i++]);
|
|
|
349a7a |
+
|
|
|
349a7a |
xfree(dev_array);
|
|
|
349a7a |
}
|
|
|
349a7a |
}
|
|
|
349a7a |
@@ -1488,7 +1500,9 @@ int mnl_nft_flowtable_add(struct netlink_ctx *ctx, const struct cmd *cmd,
|
|
|
349a7a |
unsigned int flags)
|
|
|
349a7a |
{
|
|
|
349a7a |
struct nftnl_flowtable *flo;
|
|
|
349a7a |
+ unsigned int ifname_len;
|
|
|
349a7a |
const char **dev_array;
|
|
|
349a7a |
+ char ifname[IFNAMSIZ];
|
|
|
349a7a |
struct nlmsghdr *nlh;
|
|
|
349a7a |
int i = 0, len = 1;
|
|
|
349a7a |
struct expr *expr;
|
|
|
349a7a |
@@ -1513,13 +1527,24 @@ int mnl_nft_flowtable_add(struct netlink_ctx *ctx, const struct cmd *cmd,
|
|
|
349a7a |
list_for_each_entry(expr, &cmd->flowtable->dev_expr->expressions, list)
|
|
|
349a7a |
len++;
|
|
|
349a7a |
|
|
|
349a7a |
- dev_array = calloc(len, sizeof(char *));
|
|
|
349a7a |
- list_for_each_entry(expr, &cmd->flowtable->dev_expr->expressions, list)
|
|
|
349a7a |
- dev_array[i++] = expr->identifier;
|
|
|
349a7a |
+ dev_array = xmalloc(sizeof(char *) * len);
|
|
|
349a7a |
+
|
|
|
349a7a |
+ list_for_each_entry(expr, &cmd->flowtable->dev_expr->expressions, list) {
|
|
|
349a7a |
+ ifname_len = div_round_up(expr->len, BITS_PER_BYTE);
|
|
|
349a7a |
+ memset(ifname, 0, sizeof(ifname));
|
|
|
349a7a |
+ mpz_export_data(ifname, expr->value, BYTEORDER_HOST_ENDIAN,
|
|
|
349a7a |
+ ifname_len);
|
|
|
349a7a |
+ dev_array[i++] = xstrdup(ifname);
|
|
|
349a7a |
+ }
|
|
|
349a7a |
|
|
|
349a7a |
dev_array[i] = NULL;
|
|
|
349a7a |
nftnl_flowtable_set_data(flo, NFTNL_FLOWTABLE_DEVICES,
|
|
|
349a7a |
dev_array, sizeof(char *) * len);
|
|
|
349a7a |
+
|
|
|
349a7a |
+ i = 0;
|
|
|
349a7a |
+ while (dev_array[i] != NULL)
|
|
|
349a7a |
+ xfree(dev_array[i++]);
|
|
|
349a7a |
+
|
|
|
349a7a |
free(dev_array);
|
|
|
349a7a |
|
|
|
349a7a |
netlink_dump_flowtable(flo, ctx);
|
|
|
349a7a |
diff --git a/src/parser_bison.y b/src/parser_bison.y
|
|
|
349a7a |
index 2cdf8ec..dc87571 100644
|
|
|
349a7a |
--- a/src/parser_bison.y
|
|
|
349a7a |
+++ b/src/parser_bison.y
|
|
|
349a7a |
@@ -1909,9 +1909,9 @@ flowtable_list_expr : flowtable_expr_member
|
|
|
349a7a |
|
|
|
349a7a |
flowtable_expr_member : STRING
|
|
|
349a7a |
{
|
|
|
349a7a |
- $$ = symbol_expr_alloc(&@$, SYMBOL_VALUE,
|
|
|
349a7a |
- current_scope(state),
|
|
|
349a7a |
- $1);
|
|
|
349a7a |
+ $$ = constant_expr_alloc(&@$, &string_type,
|
|
|
349a7a |
+ BYTEORDER_HOST_ENDIAN,
|
|
|
349a7a |
+ strlen($1) * BITS_PER_BYTE, $1);
|
|
|
349a7a |
xfree($1);
|
|
|
349a7a |
}
|
|
|
349a7a |
;
|
|
|
349a7a |
--
|
|
|
349a7a |
2.34.1
|
|
|
349a7a |
|