* [PATCH] conntrackd: Use strdup in lexer
@ 2019-05-27 20:59 Ash Hughes
2019-05-30 15:02 ` Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Ash Hughes @ 2019-05-27 20:59 UTC (permalink / raw)
To: netfilter-devel
Use strdup in the config file lexer to copy strings to yylval.string. This should solve the "[ERROR] unknown layer 3 protocol" problem here: https://www.spinics.net/lists/netfilter/msg58628.html
Signed-off-by: Ash Hughes <sehguh.hsa@gmail.com>
---
src/read_config_lex.l | 8 +++---
src/read_config_yy.y | 57 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 61 insertions(+), 4 deletions(-)
diff --git a/src/read_config_lex.l b/src/read_config_lex.l
index 120bc00..b0d9e61 100644
--- a/src/read_config_lex.l
+++ b/src/read_config_lex.l
@@ -142,9 +142,9 @@ notrack [N|n][O|o][T|t][R|r][A|a][C|c][K|k]
{is_off} { return T_OFF; }
{integer} { yylval.val = atoi(yytext); return T_NUMBER; }
{signed_integer} { yylval.val = atoi(yytext); return T_SIGNED_NUMBER; }
-{ip4} { yylval.string = yytext; return T_IP; }
-{ip6} { yylval.string = yytext; return T_IP; }
-{path} { yylval.string = yytext; return T_PATH_VAL; }
+{ip4} { yylval.string = strdup(yytext); return T_IP; }
+{ip6} { yylval.string = strdup(yytext); return T_IP; }
+{path} { yylval.string = strdup(yytext); return T_PATH_VAL; }
{alarm} { return T_ALARM; }
{persistent} { dlog(LOG_WARNING, "Now `persistent' mode "
"is called `alarm'. Please, update "
@@ -156,7 +156,7 @@ notrack [N|n][O|o][T|t][R|r][A|a][C|c][K|k]
"your conntrackd.conf file.\n");
return T_FTFW; }
{notrack} { return T_NOTRACK; }
-{string} { yylval.string = yytext; return T_STRING; }
+{string} { yylval.string = strdup(yytext); return T_STRING; }
{comment} ;
{ws} ;
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 1d510ed..1cb9cce 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -117,6 +117,7 @@ logfile_bool : T_LOG T_OFF
logfile_path : T_LOG T_PATH_VAL
{
strncpy(conf.logfile, $2, FILENAME_MAXLEN);
+ free($2);
};
syslog_bool : T_SYSLOG T_ON
@@ -152,8 +153,10 @@ syslog_facility : T_SYSLOG T_STRING
else {
dlog(LOG_WARNING, "'%s' is not a known syslog facility, "
"ignoring", $2);
+ free($2);
break;
}
+ free($2);
if (conf.stats.syslog_facility != -1 &&
conf.syslog_facility != conf.stats.syslog_facility)
@@ -164,6 +167,7 @@ syslog_facility : T_SYSLOG T_STRING
lock : T_LOCK T_PATH_VAL
{
strncpy(conf.lockfile, $2, FILENAME_MAXLEN);
+ free($2);
};
refreshtime : T_REFRESH T_NUMBER
@@ -225,6 +229,7 @@ multicast_option : T_IPV4_ADDR T_IP
if (!inet_aton($2, &conf.channel[conf.channel_num].u.mcast.in)) {
dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
+ free($2);
break;
}
@@ -235,6 +240,7 @@ multicast_option : T_IPV4_ADDR T_IP
break;
}
+ free($2);
conf.channel[conf.channel_num].u.mcast.ipproto = AF_INET;
};
@@ -247,6 +253,7 @@ multicast_option : T_IPV6_ADDR T_IP
&conf.channel[conf.channel_num].u.mcast.in);
if (err == 0) {
dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2);
+ free($2);
break;
} else if (err < 0) {
dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!");
@@ -257,6 +264,7 @@ multicast_option : T_IPV6_ADDR T_IP
dlog(LOG_WARNING, "your multicast address is IPv6 but "
"is binded to an IPv4 interface? "
"Surely this is not what you want");
+ free($2);
break;
}
@@ -269,12 +277,14 @@ multicast_option : T_IPV6_ADDR T_IP
idx = if_nametoindex($2);
if (!idx) {
dlog(LOG_WARNING, "%s is an invalid interface", $2);
+ free($2);
break;
}
conf.channel[conf.channel_num].u.mcast.ifa.interface_index6 = idx;
conf.channel[conf.channel_num].u.mcast.ipproto = AF_INET6;
}
+ free($2);
};
multicast_option : T_IPV4_IFACE T_IP
@@ -283,8 +293,10 @@ multicast_option : T_IPV4_IFACE T_IP
if (!inet_aton($2, &conf.channel[conf.channel_num].u.mcast.ifa)) {
dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
+ free($2);
break;
}
+ free($2);
if (conf.channel[conf.channel_num].u.mcast.ipproto == AF_INET6) {
dlog(LOG_WARNING, "your multicast interface is IPv4 but "
@@ -299,6 +311,7 @@ multicast_option : T_IPV4_IFACE T_IP
multicast_option : T_IPV6_IFACE T_IP
{
dlog(LOG_WARNING, "`IPv6_interface' not required, ignoring");
+ free($2);
}
multicast_option : T_IFACE T_STRING
@@ -312,6 +325,7 @@ multicast_option : T_IFACE T_STRING
idx = if_nametoindex($2);
if (!idx) {
dlog(LOG_WARNING, "%s is an invalid interface", $2);
+ free($2);
break;
}
@@ -319,6 +333,8 @@ multicast_option : T_IFACE T_STRING
conf.channel[conf.channel_num].u.mcast.ifa.interface_index6 = idx;
conf.channel[conf.channel_num].u.mcast.ipproto = AF_INET6;
}
+
+ free($2);
};
multicast_option : T_GROUP T_NUMBER
@@ -390,8 +406,10 @@ udp_option : T_IPV4_ADDR T_IP
if (!inet_aton($2, &conf.channel[conf.channel_num].u.udp.server.ipv4)) {
dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
+ free($2);
break;
}
+ free($2);
conf.channel[conf.channel_num].u.udp.ipproto = AF_INET;
};
@@ -404,12 +422,14 @@ udp_option : T_IPV6_ADDR T_IP
&conf.channel[conf.channel_num].u.udp.server.ipv6);
if (err == 0) {
dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2);
+ free($2);
break;
} else if (err < 0) {
dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!");
exit(EXIT_FAILURE);
}
+ free($2);
conf.channel[conf.channel_num].u.udp.ipproto = AF_INET6;
};
@@ -419,8 +439,10 @@ udp_option : T_IPV4_DEST_ADDR T_IP
if (!inet_aton($2, &conf.channel[conf.channel_num].u.udp.client)) {
dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
+ free($2);
break;
}
+ free($2);
conf.channel[conf.channel_num].u.udp.ipproto = AF_INET;
};
@@ -433,12 +455,14 @@ udp_option : T_IPV6_DEST_ADDR T_IP
&conf.channel[conf.channel_num].u.udp.client);
if (err == 0) {
dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2);
+ free($2);
break;
} else {
dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!");
exit(EXIT_FAILURE);
}
+ free($2);
conf.channel[conf.channel_num].u.udp.ipproto = AF_INET6;
};
@@ -452,9 +476,12 @@ udp_option : T_IFACE T_STRING
idx = if_nametoindex($2);
if (!idx) {
dlog(LOG_WARNING, "%s is an invalid interface", $2);
+ free($2);
break;
}
conf.channel[conf.channel_num].u.udp.server.ipv6.scope_id = idx;
+
+ free($2);
};
udp_option : T_PORT T_NUMBER
@@ -530,8 +557,10 @@ tcp_option : T_IPV4_ADDR T_IP
if (!inet_aton($2, &conf.channel[conf.channel_num].u.tcp.server.ipv4)) {
dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
+ free($2);
break;
}
+ free($2);
conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET;
};
@@ -544,12 +573,14 @@ tcp_option : T_IPV6_ADDR T_IP
&conf.channel[conf.channel_num].u.tcp.server.ipv6);
if (err == 0) {
dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2);
+ free($2);
break;
} else if (err < 0) {
dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!");
exit(EXIT_FAILURE);
}
+ free($2);
conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET6;
};
@@ -559,8 +590,10 @@ tcp_option : T_IPV4_DEST_ADDR T_IP
if (!inet_aton($2, &conf.channel[conf.channel_num].u.tcp.client)) {
dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
+ free($2);
break;
}
+ free($2);
conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET;
};
@@ -573,12 +606,14 @@ tcp_option : T_IPV6_DEST_ADDR T_IP
&conf.channel[conf.channel_num].u.tcp.client);
if (err == 0) {
dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2);
+ free($2);
break;
} else if (err < 0) {
dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!");
exit(EXIT_FAILURE);
}
+ free($2);
conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET6;
};
@@ -592,9 +627,12 @@ tcp_option : T_IFACE T_STRING
idx = if_nametoindex($2);
if (!idx) {
dlog(LOG_WARNING, "%s is an invalid interface", $2);
+ free($2);
break;
}
conf.channel[conf.channel_num].u.tcp.server.ipv6.scope_id = idx;
+
+ free($2);
};
tcp_option : T_PORT T_NUMBER
@@ -652,6 +690,7 @@ unix_options:
unix_option : T_PATH T_PATH_VAL
{
strncpy(conf.local.path, $2, PATH_MAX);
+ free($2);
};
unix_option : T_BACKLOG T_NUMBER
@@ -739,6 +778,7 @@ expect_list:
expect_item: T_STRING
{
exp_filter_add(STATE(exp_filter), $1);
+ free($1);
}
sync_mode_alarm: T_SYNC_MODE T_ALARM '{' sync_mode_alarm_list '}'
@@ -988,6 +1028,8 @@ scheduler_line : T_TYPE T_STRING
dlog(LOG_ERR, "unknown scheduler `%s'", $2);
exit(EXIT_FAILURE);
}
+
+ free($2);
};
scheduler_line : T_PRIO T_NUMBER
@@ -1065,8 +1107,10 @@ filter_protocol_item : T_STRING
if (pent == NULL) {
dlog(LOG_WARNING, "getprotobyname() cannot find "
"protocol `%s' in /etc/protocols", $1);
+ free($1);
break;
}
+ free($1);
ct_filter_add_proto(STATE(us_filter), pent->p_proto);
__kernel_filter_start();
@@ -1163,12 +1207,14 @@ filter_address_item : T_IPV4_ADDR T_IP
if (cidr > 32) {
dlog(LOG_WARNING, "%s/%d is not a valid network, "
"ignoring", $2, cidr);
+ free($2);
break;
}
}
if (!inet_aton($2, &ip.ipv4)) {
dlog(LOG_WARNING, "%s is not a valid IPv4, ignoring", $2);
+ free($2);
break;
}
@@ -1194,6 +1240,7 @@ filter_address_item : T_IPV4_ADDR T_IP
"ignore pool!");
}
}
+ free($2);
__kernel_filter_start();
/* host byte order */
@@ -1223,6 +1270,7 @@ filter_address_item : T_IPV6_ADDR T_IP
if (cidr > 128) {
dlog(LOG_WARNING, "%s/%d is not a valid network, "
"ignoring", $2, cidr);
+ free($2);
break;
}
}
@@ -1230,6 +1278,7 @@ filter_address_item : T_IPV6_ADDR T_IP
err = inet_pton(AF_INET6, $2, &ip.ipv6);
if (err == 0) {
dlog(LOG_WARNING, "%s is not a valid IPv6, ignoring", $2);
+ free($2);
break;
} else if (err < 0) {
dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!");
@@ -1256,6 +1305,7 @@ filter_address_item : T_IPV6_ADDR T_IP
"ignore pool!");
}
}
+ free($2);
__kernel_filter_start();
/* host byte order */
@@ -1326,6 +1376,7 @@ stat_logfile_bool : T_LOG T_OFF
stat_logfile_path : T_LOG T_PATH_VAL
{
strncpy(conf.stats.logfile, $2, FILENAME_MAXLEN);
+ free($2);
};
stat_syslog_bool : T_SYSLOG T_ON
@@ -1361,8 +1412,10 @@ stat_syslog_facility : T_SYSLOG T_STRING
else {
dlog(LOG_WARNING, "'%s' is not a known syslog facility, "
"ignoring.", $2);
+ free($2);
break;
}
+ free($2);
if (conf.syslog_facility != -1 &&
conf.stats.syslog_facility != conf.syslog_facility)
@@ -1398,6 +1451,7 @@ helper_type: T_TYPE T_STRING T_STRING T_STRING '{' helper_type_list '}'
dlog(LOG_ERR, "unknown layer 3 protocol");
exit(EXIT_FAILURE);
}
+ free($3);
if (strcmp($4, "tcp") == 0)
l4proto = IPPROTO_TCP;
@@ -1407,6 +1461,7 @@ helper_type: T_TYPE T_STRING T_STRING T_STRING '{' helper_type_list '}'
dlog(LOG_ERR, "unknown layer 4 protocol");
exit(EXIT_FAILURE);
}
+ free($4);
#ifdef BUILD_CTHELPER
helper = helper_find(CONNTRACKD_LIB_DIR, $2, l4proto, RTLD_NOW);
@@ -1418,6 +1473,7 @@ helper_type: T_TYPE T_STRING T_STRING T_STRING '{' helper_type_list '}'
dlog(LOG_ERR, "Helper support is disabled, recompile conntrackd");
exit(EXIT_FAILURE);
#endif
+ free($2);
helper_inst = calloc(1, sizeof(struct ctd_helper_instance));
if (helper_inst == NULL)
@@ -1526,6 +1582,7 @@ helper_type: T_HELPER_POLICY T_STRING '{' helper_policy_list '}'
policy = (struct ctd_helper_policy *) &e->data;
strncpy(policy->name, $2, CTD_HELPER_NAME_LEN);
+ free($2);
policy->name[CTD_HELPER_NAME_LEN-1] = '\0';
/* Now object is complete. */
e->type = SYMBOL_HELPER_POLICY_EXPECT_ROOT;
--
2.21.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] conntrackd: Use strdup in lexer
2019-05-27 20:59 [PATCH] conntrackd: Use strdup in lexer Ash Hughes
@ 2019-05-30 15:02 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2019-05-30 15:02 UTC (permalink / raw)
To: Ash Hughes; +Cc: netfilter-devel
Hi Ash,
On Mon, May 27, 2019 at 09:59:43PM +0100, Ash Hughes wrote:
> Use strdup in the config file lexer to copy strings to
> yylval.string. This should solve the "[ERROR] unknown layer 3
> protocol" problem here:
> https://www.spinics.net/lists/netfilter/msg58628.html
Thanks, this indeed fixes the problem.
One request below:
> diff --git a/src/read_config_yy.y b/src/read_config_yy.y
> index 1d510ed..1cb9cce 100644
> --- a/src/read_config_yy.y
> +++ b/src/read_config_yy.y
> @@ -117,6 +117,7 @@ logfile_bool : T_LOG T_OFF
> logfile_path : T_LOG T_PATH_VAL
> {
> strncpy(conf.logfile, $2, FILENAME_MAXLEN);
> + free($2);
^^^^
Could you submit a v2 using 8-char tab indentation instead of spaces?
Thanks!
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-05-30 15:02 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-27 20:59 [PATCH] conntrackd: Use strdup in lexer Ash Hughes
2019-05-30 15:02 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).