* [nft PATCH] misspell: Avoid segfault with anonymous chains
@ 2022-03-04 10:37 Phil Sutter
2022-03-04 11:11 ` Pablo Neira Ayuso
0 siblings, 1 reply; 4+ messages in thread
From: Phil Sutter @ 2022-03-04 10:37 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
When trying to add a rule which contains an anonymous chain to a
non-existent chain, string_misspell_update() is called with a NULL
string because the anonymous chain has no name. Avoid this by making the
function NULL-pointer tolerant.
c330152b7f777 ("src: support for implicit chain bindings")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
src/misspell.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/misspell.c b/src/misspell.c
index 6536d7557a445..f213a240005e6 100644
--- a/src/misspell.c
+++ b/src/misspell.c
@@ -80,8 +80,8 @@ int string_misspell_update(const char *a, const char *b,
{
unsigned int len_a, len_b, max_len, min_len, distance, threshold;
- len_a = strlen(a);
- len_b = strlen(b);
+ len_a = a ? strlen(a) : 0;
+ len_b = b ? strlen(b) : 0;
max_len = max(len_a, len_b);
min_len = min(len_a, len_b);
--
2.34.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [nft PATCH] misspell: Avoid segfault with anonymous chains
2022-03-04 10:37 [nft PATCH] misspell: Avoid segfault with anonymous chains Phil Sutter
@ 2022-03-04 11:11 ` Pablo Neira Ayuso
2022-03-04 12:15 ` Phil Sutter
0 siblings, 1 reply; 4+ messages in thread
From: Pablo Neira Ayuso @ 2022-03-04 11:11 UTC (permalink / raw)
To: Phil Sutter; +Cc: netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 1172 bytes --]
Hi Phil,
On Fri, Mar 04, 2022 at 11:37:11AM +0100, Phil Sutter wrote:
> When trying to add a rule which contains an anonymous chain to a
> non-existent chain, string_misspell_update() is called with a NULL
> string because the anonymous chain has no name. Avoid this by making the
> function NULL-pointer tolerant.
>
> c330152b7f777 ("src: support for implicit chain bindings")
>
> Signed-off-by: Phil Sutter <phil@nwl.cc>
> ---
> src/misspell.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/misspell.c b/src/misspell.c
> index 6536d7557a445..f213a240005e6 100644
> --- a/src/misspell.c
> +++ b/src/misspell.c
> @@ -80,8 +80,8 @@ int string_misspell_update(const char *a, const char *b,
> {
> unsigned int len_a, len_b, max_len, min_len, distance, threshold;
>
> - len_a = strlen(a);
> - len_b = strlen(b);
> + len_a = a ? strlen(a) : 0;
> + len_b = b ? strlen(b) : 0;
string_distance() assumes non-NULL too.
probably shortcircuit chain_lookup_fuzzy() earlier since h->chain.name
is always NULL, to avoid the useless loop.
Patch attached.
> max_len = max(len_a, len_b);
> min_len = min(len_a, len_b);
> --
> 2.34.1
>
[-- Attachment #2: x.patch --]
[-- Type: text/x-diff, Size: 376 bytes --]
diff --git a/src/rule.c b/src/rule.c
index b1700c40079d..19b8cb0323ee 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -758,6 +758,9 @@ struct chain *chain_lookup_fuzzy(const struct handle *h,
struct table *table;
struct chain *chain;
+ if (!h->chain.name)
+ return NULL;
+
string_misspell_init(&st);
list_for_each_entry(table, &cache->table_cache.list, cache.list) {
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [nft PATCH] misspell: Avoid segfault with anonymous chains
2022-03-04 11:11 ` Pablo Neira Ayuso
@ 2022-03-04 12:15 ` Phil Sutter
2022-03-07 21:08 ` Pablo Neira Ayuso
0 siblings, 1 reply; 4+ messages in thread
From: Phil Sutter @ 2022-03-04 12:15 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
On Fri, Mar 04, 2022 at 12:11:53PM +0100, Pablo Neira Ayuso wrote:
> Hi Phil,
>
> On Fri, Mar 04, 2022 at 11:37:11AM +0100, Phil Sutter wrote:
> > When trying to add a rule which contains an anonymous chain to a
> > non-existent chain, string_misspell_update() is called with a NULL
> > string because the anonymous chain has no name. Avoid this by making the
> > function NULL-pointer tolerant.
> >
> > c330152b7f777 ("src: support for implicit chain bindings")
> >
> > Signed-off-by: Phil Sutter <phil@nwl.cc>
> > ---
> > src/misspell.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/src/misspell.c b/src/misspell.c
> > index 6536d7557a445..f213a240005e6 100644
> > --- a/src/misspell.c
> > +++ b/src/misspell.c
> > @@ -80,8 +80,8 @@ int string_misspell_update(const char *a, const char *b,
> > {
> > unsigned int len_a, len_b, max_len, min_len, distance, threshold;
> >
> > - len_a = strlen(a);
> > - len_b = strlen(b);
> > + len_a = a ? strlen(a) : 0;
> > + len_b = b ? strlen(b) : 0;
>
> string_distance() assumes non-NULL too.
Which is called from string_misspell_update() only which with my patch
returns early due to 'max_len <= 1'.
> probably shortcircuit chain_lookup_fuzzy() earlier since h->chain.name
> is always NULL, to avoid the useless loop.
Fine with me, too! What about allocating a name for the anonymous chain
instead? I guess similar treatment as with sets would make sense. Might
also help with netlink debug output:
| # nft --debug=netlink insert rule inet x y 'goto { accept; }'
| inet (null) (null) use 0
| inet x
| [ immediate reg 0 accept ]
|
| inet x y
| [ immediate reg 0 goto ]
| [...]
Thanks, Phil
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [nft PATCH] misspell: Avoid segfault with anonymous chains
2022-03-04 12:15 ` Phil Sutter
@ 2022-03-07 21:08 ` Pablo Neira Ayuso
0 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2022-03-07 21:08 UTC (permalink / raw)
To: Phil Sutter, netfilter-devel
On Fri, Mar 04, 2022 at 01:15:59PM +0100, Phil Sutter wrote:
> On Fri, Mar 04, 2022 at 12:11:53PM +0100, Pablo Neira Ayuso wrote:
> > Hi Phil,
> >
> > On Fri, Mar 04, 2022 at 11:37:11AM +0100, Phil Sutter wrote:
> > > When trying to add a rule which contains an anonymous chain to a
> > > non-existent chain, string_misspell_update() is called with a NULL
> > > string because the anonymous chain has no name. Avoid this by making the
> > > function NULL-pointer tolerant.
> > >
> > > c330152b7f777 ("src: support for implicit chain bindings")
> > >
> > > Signed-off-by: Phil Sutter <phil@nwl.cc>
> > > ---
> > > src/misspell.c | 4 ++--
> > > 1 file changed, 2 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/src/misspell.c b/src/misspell.c
> > > index 6536d7557a445..f213a240005e6 100644
> > > --- a/src/misspell.c
> > > +++ b/src/misspell.c
> > > @@ -80,8 +80,8 @@ int string_misspell_update(const char *a, const char *b,
> > > {
> > > unsigned int len_a, len_b, max_len, min_len, distance, threshold;
> > >
> > > - len_a = strlen(a);
> > > - len_b = strlen(b);
> > > + len_a = a ? strlen(a) : 0;
> > > + len_b = b ? strlen(b) : 0;
> >
> > string_distance() assumes non-NULL too.
>
> Which is called from string_misspell_update() only which with my patch
> returns early due to 'max_len <= 1'.
>
> > probably shortcircuit chain_lookup_fuzzy() earlier since h->chain.name
> > is always NULL, to avoid the useless loop.
>
> Fine with me, too! What about allocating a name for the anonymous chain
> instead?
A dummy name could be allocated, but the kernel does not need the
chain name at this stage (it uses the ephemeral 32-bit chain ID
instead which is only valid in the netlink batch).
Probably set_lookup_fuzzy() should also short-circuit early the
misspell logic for anonymous sets.
> I guess similar treatment as with sets would make sense. Might
> also help with netlink debug output:
>
> | # nft --debug=netlink insert rule inet x y 'goto { accept; }'
> | inet (null) (null) use 0
# nft add table x
# nft --debug=netlink add chain x y
ip (null) (null) use 0
table is null, at least this one should be set on, but this is
a partially different issue.
> | inet x
> | [ immediate reg 0 accept ]
> |
> | inet x y
> | [ immediate reg 0 goto ]
> | [...]
>
> Thanks, Phil
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-03-07 21:08 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-04 10:37 [nft PATCH] misspell: Avoid segfault with anonymous chains Phil Sutter
2022-03-04 11:11 ` Pablo Neira Ayuso
2022-03-04 12:15 ` Phil Sutter
2022-03-07 21:08 ` Pablo Neira Ayuso
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.