Andrei Popa wrote:
On Sat, 2007-11-10 at 13:57 +0100, Patrick McHardy wrote:
Andrei Popa wrote:
The oops is reproducible by this script (yyy are some IP addresses):
...
#$IPT -I INPUT -p tcp --dport 80 -m string --algo bm --string "$MyNick"
-j DROP
I could reproduce it with an empty string - is $MyNick defined?
it's not defined.
Please try this patch.
it's ok now:
test ~ # iptables -I INPUT -p tcp --dport 80 -m string --algo bm
--string "$MyNick" -j DROP
iptables: Invalid argument
Thanks, that's what's expected. The patch is suboptimal though
since it should really allow patterns of length zero. Pablo,
the naive approach would be to ignore patlen == 0 in the
initialization path and return the current position in bm_find().
But I'm guessing there's a better way to handle this case,
could you look into this please? Thanks.
plain text document attachment (x)
diff --git a/lib/ts_bm.c b/lib/ts_bm.c
index d90822c..5adb3ff 100644
--- a/lib/ts_bm.c
+++ b/lib/ts_bm.c
@@ -142,6 +142,9 @@ static struct ts_config *bm_init(const void *pattern, unsigned int len,
unsigned int prefix_tbl_len = len * sizeof(unsigned int);
size_t priv_size = sizeof(*bm) + len + prefix_tbl_len;
+ if (len == 0)
+ return ERR_PTR(-EINVAL);
+
conf = alloc_ts_config(priv_size, gfp_mask);
if (IS_ERR(conf))
return conf;
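Review bot: the added `if (len == 0) return ERR_PTR(-EINVAL);` in bm_init() has no comment saying why an empty pattern is refused. Since the accompanying message says zero-length patterns should really be allowed, a one-line comment marking this as a stopgap for the reported oops would keep the -EINVAL from being read as intended behaviour of the Boyer-Moore backend. The check also validates only the lower bound: in the context lines, `len * sizeof(unsigned int)` is stored in an `unsigned int prefix_tbl_len` and then added into `priv_size`, so a very large `len` can truncate or wrap before alloc_ts_config() is called unless callers already bound it. If this function is being hardened against bad lengths, an upper limit belongs next to this test.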