From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: [iptables PATCH v2 02/10] xshared: Share a common add_command() implementation
Date: Mon, 28 Oct 2019 16:48:10 +0100 [thread overview]
Message-ID: <20191028154818.31257-3-phil@nwl.cc> (raw)
In-Reply-To: <20191028154818.31257-1-phil@nwl.cc>
The shared definition of cmdflags is a super set of the previous one in
xtables-arp.c so while not being identical, they're compatible.
Avoid accidental array overstep in cmd2char() by incrementing an index
variable and checking its final value before using it as such.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
iptables/ip6tables.c | 23 -----------------------
iptables/iptables.c | 23 -----------------------
iptables/xshared.c | 27 +++++++++++++++++++++++++++
iptables/xshared.h | 4 ++++
iptables/xtables-arp.c | 22 ----------------------
iptables/xtables.c | 23 -----------------------
6 files changed, 31 insertions(+), 91 deletions(-)
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index ee463c9586862..9a9d71f1cdadc 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -69,8 +69,6 @@
#define CMD_ZERO_NUM 0x2000U
#define CMD_CHECK 0x4000U
#define NUMBER_OF_CMD 16
-static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
- 'N', 'X', 'P', 'E', 'S', 'Z', 'C' };
#define NUMBER_OF_OPT ARRAY_SIZE(optflags)
static const char optflags[]
@@ -336,27 +334,6 @@ opt2char(int option)
return *ptr;
}
-static char
-cmd2char(int option)
-{
- const char *ptr;
- for (ptr = cmdflags; option > 1; option >>= 1, ptr++);
-
- return *ptr;
-}
-
-static void
-add_command(unsigned int *cmd, const int newcmd, const int othercmds,
- int invert)
-{
- if (invert)
- xtables_error(PARAMETER_PROBLEM, "unexpected '!' flag");
- if (*cmd & (~othercmds))
- xtables_error(PARAMETER_PROBLEM, "Cannot use -%c with -%c\n",
- cmd2char(newcmd), cmd2char(*cmd & (~othercmds)));
- *cmd |= newcmd;
-}
-
/*
* All functions starting with "parse" should succeed, otherwise
* the program fails.
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 544e87596e7e4..5fec25376c24f 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -65,8 +65,6 @@
#define CMD_ZERO_NUM 0x2000U
#define CMD_CHECK 0x4000U
#define NUMBER_OF_CMD 16
-static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
- 'N', 'X', 'P', 'E', 'S', 'Z', 'C' };
#define OPT_FRAGMENT 0x00800U
#define NUMBER_OF_OPT ARRAY_SIZE(optflags)
@@ -335,27 +333,6 @@ opt2char(int option)
return *ptr;
}
-static char
-cmd2char(int option)
-{
- const char *ptr;
- for (ptr = cmdflags; option > 1; option >>= 1, ptr++);
-
- return *ptr;
-}
-
-static void
-add_command(unsigned int *cmd, const int newcmd, const int othercmds,
- int invert)
-{
- if (invert)
- xtables_error(PARAMETER_PROBLEM, "unexpected ! flag");
- if (*cmd & (~othercmds))
- xtables_error(PARAMETER_PROBLEM, "Cannot use -%c with -%c\n",
- cmd2char(newcmd), cmd2char(*cmd & (~othercmds)));
- *cmd |= newcmd;
-}
-
/*
* All functions starting with "parse" should succeed, otherwise
* the program fails.
diff --git a/iptables/xshared.c b/iptables/xshared.c
index 97f1b5d22fdbe..3baa805c64e6d 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -732,3 +732,30 @@ void command_jump(struct iptables_command_state *cs, const char *jumpto)
xtables_error(OTHER_PROBLEM, "can't alloc memory!");
xt_params->opts = opts;
}
+
+char cmd2char(int option)
+{
+ /* cmdflags index corresponds with position of bit in CMD_* values */
+ static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
+ 'N', 'X', 'P', 'E', 'S', 'Z', 'C' };
+ int i;
+
+ for (i = 0; option > 1; option >>= 1, i++)
+ ;
+ if (i >= ARRAY_SIZE(cmdflags))
+ xtables_error(OTHER_PROBLEM,
+ "cmd2char(): Invalid command number %u.\n",
+ 1 << i);
+ return cmdflags[i];
+}
+
+void add_command(unsigned int *cmd, const int newcmd,
+ const int othercmds, int invert)
+{
+ if (invert)
+ xtables_error(PARAMETER_PROBLEM, "unexpected '!' flag");
+ if (*cmd & (~othercmds))
+ xtables_error(PARAMETER_PROBLEM, "Cannot use -%c with -%c\n",
+ cmd2char(newcmd), cmd2char(*cmd & (~othercmds)));
+ *cmd |= newcmd;
+}
diff --git a/iptables/xshared.h b/iptables/xshared.h
index 64b7e8fc4b690..0b9b357c7bdaa 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -183,4 +183,8 @@ void command_match(struct iptables_command_state *cs);
const char *xt_parse_target(const char *targetname);
void command_jump(struct iptables_command_state *cs, const char *jumpto);
+char cmd2char(int option);
+void add_command(unsigned int *cmd, const int newcmd,
+ const int othercmds, int invert);
+
#endif /* IPTABLES_XSHARED_H */
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 8503f47fe2afe..584b6f0646821 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -81,8 +81,6 @@ typedef char arpt_chainlabel[32];
#define CMD_CHECK 0x0800U
#define CMD_RENAME_CHAIN 0x1000U
#define NUMBER_OF_CMD 13
-static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
- 'N', 'X', 'P', 'E' };
#define OPTION_OFFSET 256
@@ -462,26 +460,6 @@ opt2char(int option)
return *ptr;
}
-static char
-cmd2char(int option)
-{
- const char *ptr;
- for (ptr = cmdflags; option > 1; option >>= 1, ptr++);
-
- return *ptr;
-}
-
-static void
-add_command(unsigned int *cmd, const int newcmd, const unsigned int othercmds, int invert)
-{
- if (invert)
- xtables_error(PARAMETER_PROBLEM, "unexpected ! flag");
- if (*cmd & (~othercmds))
- xtables_error(PARAMETER_PROBLEM, "Can't use -%c with -%c\n",
- cmd2char(newcmd), cmd2char(*cmd & (~othercmds)));
- *cmd |= newcmd;
-}
-
static int
check_inverse(const char option[], int *invert, int *optidx, int argc)
{
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 8a9e0edc3bea2..6dfa3f1171183 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -51,8 +51,6 @@
#endif
#define NUMBER_OF_CMD 16
-static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
- 'N', 'X', 'P', 'E', 'S', 'Z', 'C' };
#define OPT_FRAGMENT 0x00800U
#define NUMBER_OF_OPT ARRAY_SIZE(optflags)
@@ -319,27 +317,6 @@ opt2char(int option)
return *ptr;
}
-static char
-cmd2char(int option)
-{
- const char *ptr;
- for (ptr = cmdflags; option > 1; option >>= 1, ptr++);
-
- return *ptr;
-}
-
-static void
-add_command(unsigned int *cmd, const int newcmd, const int othercmds,
- int invert)
-{
- if (invert)
- xtables_error(PARAMETER_PROBLEM, "unexpected ! flag");
- if (*cmd & (~othercmds))
- xtables_error(PARAMETER_PROBLEM, "Cannot use -%c with -%c\n",
- cmd2char(newcmd), cmd2char(*cmd & (~othercmds)));
- *cmd |= newcmd;
-}
-
/*
* All functions starting with "parse" should succeed, otherwise
* the program fails.
--
2.23.0
next prev parent reply other threads:[~2019-10-28 15:49 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-28 15:48 [iptables PATCH v2 00/10] Reduce code size around arptables-nft Phil Sutter
2019-10-28 15:48 ` [iptables PATCH v2 01/10] ip6tables, xtables-arp: Drop unused struct pprot Phil Sutter
2019-10-28 15:48 ` Phil Sutter [this message]
2019-10-28 15:48 ` [iptables PATCH v2 03/10] xshared: Share a common implementation of parse_rulenumber() Phil Sutter
2019-10-28 15:48 ` [iptables PATCH v2 04/10] Merge CMD_* defines Phil Sutter
2019-10-28 15:48 ` [iptables PATCH v2 05/10] xtables-arp: Drop generic_opt_check() Phil Sutter
2019-10-28 15:48 ` [iptables PATCH v2 06/10] Replace TRUE/FALSE with true/false Phil Sutter
2019-10-28 15:48 ` [iptables PATCH v2 07/10] xtables-arp: Integrate OPT_* defines into xshared.h Phil Sutter
2019-10-28 15:48 ` [iptables PATCH v2 08/10] xtables-arp: Drop some unused variables Phil Sutter
2019-10-28 15:48 ` [iptables PATCH v2 09/10] xtables-arp: Use xtables_parse_interface() Phil Sutter
2019-10-28 15:48 ` [iptables PATCH v2 10/10] nft-arp: Use xtables_print_mac_and_mask() Phil Sutter
2019-10-30 8:24 ` [iptables PATCH v2 00/10] Reduce code size around arptables-nft Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191028154818.31257-3-phil@nwl.cc \
--to=phil@nwl.cc \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).