Re: [oops] in text matching

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Patrick McHardy wrote:
Andrei Popa wrote:
On Sat, 2007-11-10 at 13:57 +0100, Patrick McHardy wrote:
Andrei Popa wrote:
The oops is reproducible by this script (yyy are some IP addresses):

...
#$IPT -I INPUT -p tcp --dport 80 -m string --algo bm --string "$MyNick"
-j DROP

I could reproduce it with an empty string - is $MyNick defined?

it's not defined.

Please try this patch.

it's ok now:

test ~ # iptables -I INPUT -p tcp --dport 80 -m string --algo bm
--string "$MyNick" -j DROP
iptables: Invalid argument


Thanks, thats whats expected. The patch is suboptimal though
since it should really allow patterns of length zero. Pablo,
the naive approach would be to ignore patlen == 0 in the
initialization path and return the current position in bm_find().
But I'm guessing there's a better way to handle this case,
could you look into this please? Thanks.


Pablo? I would prefer to get this fixed before 2.6.24, unless
there's a better fix I'm going to include my patch to reject
pattern lengths of 0. Thanks.

-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux