* [libnftnl PATCH 1/2 v2] src: not create iterator with empty list
@ 2015-01-12 13:46 Alvaro Neira Ayuso
2015-01-12 13:46 ` [libnftnl PATCH 2/2] ruleset: refactor ruleset element parsing function calls to nft_ruleset_*_parse_ruleset() Alvaro Neira Ayuso
2015-01-15 12:10 ` [libnftnl PATCH 1/2 v2] src: not create iterator with empty list Pablo Neira Ayuso
0 siblings, 2 replies; 4+ messages in thread
From: Alvaro Neira Ayuso @ 2015-01-12 13:46 UTC (permalink / raw)
To: netfilter-devel
Now, we create iterator without test if the list is empty. If the list
is empty, we have a crash when we set up the current element.
With this patch, we test if the list is empty before to create the iterator. If
the list is empty the iterator return NULL.
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
---
[changes in v2]
* If the list is empty, we set iter->cur to NULL and we check it in _next.
src/chain.c | 8 +++++++-
src/rule.c | 17 +++++++++++++++--
src/set.c | 8 +++++++-
src/set_elem.c | 9 ++++++++-
src/table.c | 8 +++++++-
5 files changed, 44 insertions(+), 6 deletions(-)
diff --git a/src/chain.c b/src/chain.c
index b67385e..26ad14d 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -973,7 +973,10 @@ struct nft_chain_list_iter *nft_chain_list_iter_create(struct nft_chain_list *l)
return NULL;
iter->list = l;
- iter->cur = list_entry(l->list.next, struct nft_chain, head);
+ if (nft_chain_list_is_empty(l))
+ iter->cur = NULL;
+ else
+ iter->cur = list_entry(l->list.next, struct nft_chain, head);
return iter;
}
@@ -983,6 +986,9 @@ struct nft_chain *nft_chain_list_iter_next(struct nft_chain_list_iter *iter)
{
struct nft_chain *r = iter->cur;
+ if (r == NULL)
+ return NULL;
+
/* get next chain, if any */
iter->cur = list_entry(iter->cur->head.next, struct nft_chain, head);
if (&iter->cur->head == iter->list->list.next)
diff --git a/src/rule.c b/src/rule.c
index c974f8b..ac5136c 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1043,7 +1043,11 @@ struct nft_rule_expr_iter *nft_rule_expr_iter_create(struct nft_rule *r)
return NULL;
iter->r = r;
- iter->cur = list_entry(r->expr_list.next, struct nft_rule_expr, head);
+ if (list_empty(&r->expr_list))
+ iter->cur = NULL;
+ else
+ iter->cur = list_entry(r->expr_list.next, struct nft_rule_expr,
+ head);
return iter;
}
@@ -1053,6 +1057,9 @@ struct nft_rule_expr *nft_rule_expr_iter_next(struct nft_rule_expr_iter *iter)
{
struct nft_rule_expr *expr = iter->cur;
+ if (expr == NULL)
+ return NULL;
+
/* get next expression, if any */
iter->cur = list_entry(iter->cur->head.next, struct nft_rule_expr, head);
if (&iter->cur->head == iter->r->expr_list.next)
@@ -1152,7 +1159,10 @@ struct nft_rule_list_iter *nft_rule_list_iter_create(struct nft_rule_list *l)
return NULL;
iter->list = l;
- iter->cur = list_entry(l->list.next, struct nft_rule, head);
+ if (nft_rule_list_is_empty(l))
+ iter->cur = NULL;
+ else
+ iter->cur = list_entry(l->list.next, struct nft_rule, head);
return iter;
}
@@ -1168,6 +1178,9 @@ struct nft_rule *nft_rule_list_iter_next(struct nft_rule_list_iter *iter)
{
struct nft_rule *r = iter->cur;
+ if (r == NULL)
+ return NULL;
+
/* get next rule, if any */
iter->cur = list_entry(iter->cur->head.next, struct nft_rule, head);
if (&iter->cur->head == iter->list->list.next)
diff --git a/src/set.c b/src/set.c
index 2385031..61e0632 100644
--- a/src/set.c
+++ b/src/set.c
@@ -1020,7 +1020,10 @@ struct nft_set_list_iter *nft_set_list_iter_create(struct nft_set_list *l)
return NULL;
iter->list = l;
- iter->cur = list_entry(l->list.next, struct nft_set, head);
+ if (nft_set_list_is_empty(l))
+ iter->cur = NULL;
+ else
+ iter->cur = list_entry(l->list.next, struct nft_set, head);
return iter;
}
@@ -1036,6 +1039,9 @@ struct nft_set *nft_set_list_iter_next(struct nft_set_list_iter *iter)
{
struct nft_set *s = iter->cur;
+ if (s == NULL)
+ return NULL;
+
/* get next rule, if any */
iter->cur = list_entry(iter->cur->head.next, struct nft_set, head);
if (&iter->cur->head == iter->list->list.next)
diff --git a/src/set_elem.c b/src/set_elem.c
index 95f12bf..4f52b1a 100644
--- a/src/set_elem.c
+++ b/src/set_elem.c
@@ -690,7 +690,11 @@ struct nft_set_elems_iter *nft_set_elems_iter_create(struct nft_set *s)
iter->set = s;
iter->list = &s->element_list;
- iter->cur = list_entry(s->element_list.next, struct nft_set_elem, head);
+ if (list_empty(&s->element_list))
+ iter->cur = NULL;
+ else
+ iter->cur = list_entry(s->element_list.next,
+ struct nft_set_elem, head);
return iter;
}
@@ -706,6 +710,9 @@ struct nft_set_elem *nft_set_elems_iter_next(struct nft_set_elems_iter *iter)
{
struct nft_set_elem *s = iter->cur;
+ if (s == NULL)
+ return NULL;
+
iter->cur = list_entry(iter->cur->head.next, struct nft_set_elem, head);
if (&iter->cur->head == iter->list->next)
return NULL;
diff --git a/src/table.c b/src/table.c
index c93e6fb..e947394 100644
--- a/src/table.c
+++ b/src/table.c
@@ -544,7 +544,10 @@ struct nft_table_list_iter *nft_table_list_iter_create(struct nft_table_list *l)
return NULL;
iter->list = l;
- iter->cur = list_entry(l->list.next, struct nft_table, head);
+ if (nft_table_list_is_empty(l))
+ iter->cur = NULL;
+ else
+ iter->cur = list_entry(l->list.next, struct nft_table, head);
return iter;
}
@@ -554,6 +557,9 @@ struct nft_table *nft_table_list_iter_next(struct nft_table_list_iter *iter)
{
struct nft_table *r = iter->cur;
+ if (r == NULL)
+ return NULL;
+
/* get next table, if any */
iter->cur = list_entry(iter->cur->head.next, struct nft_table, head);
if (&iter->cur->head == iter->list->list.next)
--
1.7.10.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [libnftnl PATCH 2/2] ruleset: refactor ruleset element parsing function calls to nft_ruleset_*_parse_ruleset()
2015-01-12 13:46 [libnftnl PATCH 1/2 v2] src: not create iterator with empty list Alvaro Neira Ayuso
@ 2015-01-12 13:46 ` Alvaro Neira Ayuso
2015-01-15 12:11 ` Pablo Neira Ayuso
2015-01-15 12:10 ` [libnftnl PATCH 1/2 v2] src: not create iterator with empty list Pablo Neira Ayuso
1 sibling, 1 reply; 4+ messages in thread
From: Alvaro Neira Ayuso @ 2015-01-12 13:46 UTC (permalink / raw)
To: netfilter-devel
Refactor the parsing ruleset element functions calls in xml/json to do that
calls in the functions nft_ruleset_*_parse_ruleset. This patch is used in follow
up patches.
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
---
src/ruleset.c | 59 ++++++++++++++++++++++++++++++++++++++-------------------
1 file changed, 39 insertions(+), 20 deletions(-)
diff --git a/src/ruleset.c b/src/ruleset.c
index a397824..6488d72 100644
--- a/src/ruleset.c
+++ b/src/ruleset.c
@@ -332,6 +332,24 @@ err:
#endif
+static int nft_ruleset_json_parse_ruleset(struct nft_ruleset *rs, json_t *array,
+ struct nft_parse_err *err)
+{
+ if (nft_ruleset_json_parse_tables(rs, array, err) != 0)
+ return -1;
+
+ if (nft_ruleset_json_parse_chains(rs, array, err) != 0)
+ return -1;
+
+ if (nft_ruleset_json_parse_sets(rs, array, err) != 0)
+ return -1;
+
+ if (nft_ruleset_json_parse_rules(rs, array, err) != 0)
+ return -1;
+
+ return 0;
+}
+
static int nft_ruleset_json_parse(struct nft_ruleset *rs, const void *json,
struct nft_parse_err *err, enum nft_parse_input input)
{
@@ -349,16 +367,7 @@ static int nft_ruleset_json_parse(struct nft_ruleset *rs, const void *json,
goto err;
}
- if (nft_ruleset_json_parse_tables(rs, array, err) != 0)
- goto err;
-
- if (nft_ruleset_json_parse_chains(rs, array, err) != 0)
- goto err;
-
- if (nft_ruleset_json_parse_sets(rs, array, err) != 0)
- goto err;
-
- if (nft_ruleset_json_parse_rules(rs, array, err) != 0)
+ if (nft_ruleset_json_parse_ruleset(rs, array, err) != 0)
goto err;
nft_jansson_free_root(root);
@@ -539,6 +548,25 @@ err_free:
}
#endif
+static int nft_ruleset_xml_parse_ruleset(struct nft_ruleset *rs,
+ mxml_node_t *tree,
+ struct nft_parse_err *err)
+{
+ if (nft_ruleset_xml_parse_tables(rs, tree, err) != 0)
+ return -1;
+
+ if (nft_ruleset_xml_parse_chains(rs, tree, err) != 0)
+ return -1;
+
+ if (nft_ruleset_xml_parse_sets(rs, tree, err) != 0)
+ return -1;
+
+ if (nft_ruleset_xml_parse_rules(rs, tree, err, rs->set_list) != 0)
+ return -1;
+
+ return 0;
+}
+
static int nft_ruleset_xml_parse(struct nft_ruleset *rs, const void *xml,
struct nft_parse_err *err, enum nft_parse_input input)
{
@@ -549,16 +577,7 @@ static int nft_ruleset_xml_parse(struct nft_ruleset *rs, const void *xml,
if (tree == NULL)
return -1;
- if (nft_ruleset_xml_parse_tables(rs, tree, err) != 0)
- goto err;
-
- if (nft_ruleset_xml_parse_chains(rs, tree, err) != 0)
- goto err;
-
- if (nft_ruleset_xml_parse_sets(rs, tree, err) != 0)
- goto err;
-
- if (nft_ruleset_xml_parse_rules(rs, tree, err, rs->set_list) != 0)
+ if (nft_ruleset_xml_parse_ruleset(rs, tree, err) != 0)
goto err;
mxmlDelete(tree);
--
1.7.10.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [libnftnl PATCH 1/2 v2] src: not create iterator with empty list
2015-01-12 13:46 [libnftnl PATCH 1/2 v2] src: not create iterator with empty list Alvaro Neira Ayuso
2015-01-12 13:46 ` [libnftnl PATCH 2/2] ruleset: refactor ruleset element parsing function calls to nft_ruleset_*_parse_ruleset() Alvaro Neira Ayuso
@ 2015-01-15 12:10 ` Pablo Neira Ayuso
1 sibling, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2015-01-15 12:10 UTC (permalink / raw)
To: Alvaro Neira Ayuso; +Cc: netfilter-devel
On Mon, Jan 12, 2015 at 02:46:14PM +0100, Alvaro Neira Ayuso wrote:
> Now, we create iterator without test if the list is empty. If the list
> is empty, we have a crash when we set up the current element.
> With this patch, we test if the list is empty before to create the iterator. If
> the list is empty the iterator return NULL.
Applied, thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [libnftnl PATCH 2/2] ruleset: refactor ruleset element parsing function calls to nft_ruleset_*_parse_ruleset()
2015-01-12 13:46 ` [libnftnl PATCH 2/2] ruleset: refactor ruleset element parsing function calls to nft_ruleset_*_parse_ruleset() Alvaro Neira Ayuso
@ 2015-01-15 12:11 ` Pablo Neira Ayuso
0 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2015-01-15 12:11 UTC (permalink / raw)
To: Alvaro Neira Ayuso; +Cc: netfilter-devel
On Mon, Jan 12, 2015 at 02:46:15PM +0100, Alvaro Neira Ayuso wrote:
> Refactor the parsing ruleset element functions calls in xml/json to do that
> calls in the functions nft_ruleset_*_parse_ruleset. This patch is used in follow
> up patches.
Applied with minor change.
>
> Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
> ---
> src/ruleset.c | 59 ++++++++++++++++++++++++++++++++++++++-------------------
> 1 file changed, 39 insertions(+), 20 deletions(-)
>
> diff --git a/src/ruleset.c b/src/ruleset.c
> index a397824..6488d72 100644
> --- a/src/ruleset.c
> +++ b/src/ruleset.c
> @@ -332,6 +332,24 @@ err:
>
> #endif
I had to move this endif to cover this new function too, so I don't
get compilation warnings with XML/JSON disabled.
> +static int nft_ruleset_json_parse_ruleset(struct nft_ruleset *rs, json_t *array,
> + struct nft_parse_err *err)
> +{
> + if (nft_ruleset_json_parse_tables(rs, array, err) != 0)
> + return -1;
> +
> + if (nft_ruleset_json_parse_chains(rs, array, err) != 0)
> + return -1;
> +
> + if (nft_ruleset_json_parse_sets(rs, array, err) != 0)
> + return -1;
> +
> + if (nft_ruleset_json_parse_rules(rs, array, err) != 0)
> + return -1;
> +
> + return 0;
> +}
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-01-15 12:08 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-01-12 13:46 [libnftnl PATCH 1/2 v2] src: not create iterator with empty list Alvaro Neira Ayuso
2015-01-12 13:46 ` [libnftnl PATCH 2/2] ruleset: refactor ruleset element parsing function calls to nft_ruleset_*_parse_ruleset() Alvaro Neira Ayuso
2015-01-15 12:11 ` Pablo Neira Ayuso
2015-01-15 12:10 ` [libnftnl PATCH 1/2 v2] src: not create iterator with empty list Pablo Neira Ayuso
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.