Re: [iptables PATCH 14/23] ebtables: Fix segfault when parsing a rule

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jul 27, 2018 at 01:29:07PM +0200, Pablo Neira Ayuso wrote:
> On Fri, Jul 27, 2018 at 12:53:22PM +0200, Phil Sutter wrote:
> > Hi,
> > 
> > On Fri, Jul 27, 2018 at 11:45:16AM +0200, Pablo Neira Ayuso wrote:
> > > On Fri, Jul 27, 2018 at 12:22:33AM +0200, Phil Sutter wrote:
> > > > This should happen in ebtables-restore only: If a previous rule
> > > > contained a standard target, the standard target object is inserted into
> > > > xtables_targets. Though since that doesn't have a 'parse' callback, the
> > > > code segfaults. Therefore make the code ignore that special object
> > > > (which is not an issue since standard targets don't support parameters).
> > > 
> > > Hm, I see.
> > > 
> > > How can this the standard target get into this list?
> > 
> > IIRC, the code flow is like this:
> > 
> > -> do_commandeb() encounters '-j' parameter
> >   -> command_jump()
> >     -> xtables_find_target()
> >       -> xtables_fully_register_pending_target()
> 
> I see, but what is the rule that loads the standard target or it is
> already there?
> 
> Asking this because we don't seem to need this in the
> iptables/xtables.c parser.

For unknown arguments, do_parse() calls command_default() which searches
the list of matches in cs->matches. In ebtables, this code is different
in that the global xtables_matches list is searched instead. Probably
that's why standard target is encountered by ebtables but not iptables.

Cheers, Phil
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux