Re: [oops] in text matching

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Andrei Popa wrote:
On Sat, 2007-11-10 at 13:57 +0100, Patrick McHardy wrote:
Andrei Popa wrote:
The oops is reproducible by this script (yyy are some IP addresses):

...
#$IPT -I INPUT -p tcp --dport 80 -m string --algo bm --string "$MyNick"
-j DROP

I could reproduce it with an empty string - is $MyNick defined?

it's not defined.

Please try this patch.

it's ok now:

test ~ # iptables -I INPUT -p tcp --dport 80 -m string --algo bm
--string "$MyNick" -j DROP
iptables: Invalid argument


Thanks, thats whats expected. The patch is suboptimal though
since it should really allow patterns of length zero. Pablo,
the naive approach would be to ignore patlen == 0 in the
initialization path and return the current position in bm_find().
But I'm guessing there's a better way to handle this case,
could you look into this please? Thanks.


plain text document attachment (x)
diff --git a/lib/ts_bm.c b/lib/ts_bm.c
index d90822c..5adb3ff 100644
--- a/lib/ts_bm.c
+++ b/lib/ts_bm.c
@@ -142,6 +142,9 @@ static struct ts_config *bm_init(const void *pattern, unsigned int len,
 	unsigned int prefix_tbl_len = len * sizeof(unsigned int);
 	size_t priv_size = sizeof(*bm) + len + prefix_tbl_len;
+ if (len == 0)
+		return ERR_PTR(-EINVAL);
+
 	conf = alloc_ts_config(priv_size, gfp_mask);
 	if (IS_ERR(conf))
 		return conf;


-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux