From: Liping Zhang <liping.zhang@xxxxxxxxxxxxxx>
When connlabel.conf is empty, nfct_labelmap_new will return NULL and
set errno to 0. So we will miss to check this situation, and cause NULL
deference in nfct_labelmap_get_bit.
Input the following commands will reproduce this crash:
# echo > /etc/xtables/connlabel.conf
# iptables -A INPUT -m connlabel --label abc
Segmentation fault (core dumped)
Signed-off-by: Liping Zhang <liping.zhang@xxxxxxxxxxxxxx>
---
extensions/libxt_connlabel.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c
index 96b9aec..7e4ff26 100644
--- a/extensions/libxt_connlabel.c
+++ b/extensions/libxt_connlabel.c
@@ -38,9 +38,16 @@ static void connlabel_open(void)
return;
map = nfct_labelmap_new(NULL);
- if (!map && errno)
- xtables_error(RESOURCE_PROBLEM, "cannot open connlabel.conf: %s\n",
- strerror(errno));
+ if (map != NULL)
+ return;
+
+ if (errno) {
+ xtables_error(RESOURCE_PROBLEM,
+ "cannot open connlabel.conf: %s", strerror(errno));
+ } else {
+ xtables_error(RESOURCE_PROBLEM,
+ "cannot parse label, maybe valid label map is empty");
+ }
}
static void connlabel_mt_parse(struct xt_option_call *cb)
--
2.5.5
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
