On Sat, 2007-11-10 at 13:57 +0100, Patrick McHardy wrote: > Andrei Popa wrote: > > The oops is reproducible by this script (yyy are some IP addresses): > > > > ... > > #$IPT -I INPUT -p tcp --dport 80 -m string --algo bm --string "$MyNick" > > -j DROP > > > I could reproduce it with an empty string - is $MyNick defined? it's not defined. > Please try this patch. it's ok now: test ~ # iptables -I INPUT -p tcp --dport 80 -m string --algo bm --string "$MyNick" -j DROP iptables: Invalid argument test ~ # > plain text document attachment (x) > diff --git a/lib/ts_bm.c b/lib/ts_bm.c > index d90822c..5adb3ff 100644 > --- a/lib/ts_bm.c > +++ b/lib/ts_bm.c > @@ -142,6 +142,9 @@ static struct ts_config *bm_init(const void *pattern, unsigned int len, > unsigned int prefix_tbl_len = len * sizeof(unsigned int); > size_t priv_size = sizeof(*bm) + len + prefix_tbl_len; > > + if (len == 0) > + return ERR_PTR(-EINVAL); > + > conf = alloc_ts_config(priv_size, gfp_mask); > if (IS_ERR(conf)) > return conf; - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
