On Tue, Jun 23, 2020 at 02:34:01PM +0200, Daniel Gröber wrote:
> When type is out of range for the invmap_icmp{,v6} array we leave rtype at
> zero which will map to type=255 just like other error cases in this
> function.
>
> Signed-off-by: Daniel Gröber <dxld@xxxxxxxxxxxxx>
> ---
> src/conntrack/grp_setter.c | 8 +++++---
> src/conntrack/setter.c | 11 +++++++----
> 2 files changed, 12 insertions(+), 7 deletions(-)
>
> diff --git a/src/conntrack/grp_setter.c b/src/conntrack/grp_setter.c
> index fccf578..dfbdc91 100644
> --- a/src/conntrack/grp_setter.c
> +++ b/src/conntrack/grp_setter.c
> @@ -85,18 +85,20 @@ static void set_attr_grp_repl_port(struct nf_conntrack *ct, const void *value)
>
> static void set_attr_grp_icmp(struct nf_conntrack *ct, const void *value)
> {
> - uint8_t rtype;
> + uint8_t rtype = 0;
> const struct nfct_attr_grp_icmp *this = value;
>
> ct->head.orig.l4dst.icmp.type = this->type;
>
> switch(ct->head.orig.l3protonum) {
> case AF_INET:
> - rtype = invmap_icmp[this->type];
> + if(this->type < asizeof(invmap_icmp))
> + rtype = invmap_icmp[this->type];
Probably add a small helper function for this?
static inline uint8_t icmp_invmap(uint8_t type)
{
assert(this->type < ARRAY_SIZE(invmap_icmp));
return invmap_icmp[this->type];
}
> diff --git a/src/conntrack/setter.c b/src/conntrack/setter.c
> index 0157de4..ed65ba0 100644
> --- a/src/conntrack/setter.c
> +++ b/src/conntrack/setter.c
> @@ -124,17 +124,20 @@ set_attr_repl_zone(struct nf_conntrack *ct, const void *value, size_t len)
> static void
> set_attr_icmp_type(struct nf_conntrack *ct, const void *value, size_t len)
> {
> - uint8_t rtype;
> + uint8_t type = *((uint8_t *) value);
> + uint8_t rtype = 0;
>
> - ct->head.orig.l4dst.icmp.type = *((uint8_t *) value);
> + ct->head.orig.l4dst.icmp.type = type;
>
> switch(ct->head.orig.l3protonum) {
> case AF_INET:
> - rtype = invmap_icmp[*((uint8_t *) value)];
> + if(type < asizeof(invmap_icmp))
> + rtype = invmap_icmp[type];
Make sure indentation tab is 8-char instead of spaces.
Thanks.
