netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: [iptables PATCH v2 02/10] xshared: Share a common add_command() implementation
Date: Mon, 28 Oct 2019 16:48:10 +0100	[thread overview]
Message-ID: <20191028154818.31257-3-phil@nwl.cc> (raw)
In-Reply-To: <20191028154818.31257-1-phil@nwl.cc>

The shared definition of cmdflags is a super set of the previous one in
xtables-arp.c so while not being identical, they're compatible.

Avoid accidental array overstep in cmd2char() by incrementing an index
variable and checking its final value before using it as such.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/ip6tables.c   | 23 -----------------------
 iptables/iptables.c    | 23 -----------------------
 iptables/xshared.c     | 27 +++++++++++++++++++++++++++
 iptables/xshared.h     |  4 ++++
 iptables/xtables-arp.c | 22 ----------------------
 iptables/xtables.c     | 23 -----------------------
 6 files changed, 31 insertions(+), 91 deletions(-)

diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index ee463c9586862..9a9d71f1cdadc 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -69,8 +69,6 @@
 #define CMD_ZERO_NUM		0x2000U
 #define CMD_CHECK		0x4000U
 #define NUMBER_OF_CMD	16
-static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
-				 'N', 'X', 'P', 'E', 'S', 'Z', 'C' };
 
 #define NUMBER_OF_OPT	ARRAY_SIZE(optflags)
 static const char optflags[]
@@ -336,27 +334,6 @@ opt2char(int option)
 	return *ptr;
 }
 
-static char
-cmd2char(int option)
-{
-	const char *ptr;
-	for (ptr = cmdflags; option > 1; option >>= 1, ptr++);
-
-	return *ptr;
-}
-
-static void
-add_command(unsigned int *cmd, const int newcmd, const int othercmds,
-	    int invert)
-{
-	if (invert)
-		xtables_error(PARAMETER_PROBLEM, "unexpected '!' flag");
-	if (*cmd & (~othercmds))
-		xtables_error(PARAMETER_PROBLEM, "Cannot use -%c with -%c\n",
-			   cmd2char(newcmd), cmd2char(*cmd & (~othercmds)));
-	*cmd |= newcmd;
-}
-
 /*
  *	All functions starting with "parse" should succeed, otherwise
  *	the program fails.
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 544e87596e7e4..5fec25376c24f 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -65,8 +65,6 @@
 #define CMD_ZERO_NUM		0x2000U
 #define CMD_CHECK		0x4000U
 #define NUMBER_OF_CMD	16
-static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
-				 'N', 'X', 'P', 'E', 'S', 'Z', 'C' };
 
 #define OPT_FRAGMENT    0x00800U
 #define NUMBER_OF_OPT	ARRAY_SIZE(optflags)
@@ -335,27 +333,6 @@ opt2char(int option)
 	return *ptr;
 }
 
-static char
-cmd2char(int option)
-{
-	const char *ptr;
-	for (ptr = cmdflags; option > 1; option >>= 1, ptr++);
-
-	return *ptr;
-}
-
-static void
-add_command(unsigned int *cmd, const int newcmd, const int othercmds, 
-	    int invert)
-{
-	if (invert)
-		xtables_error(PARAMETER_PROBLEM, "unexpected ! flag");
-	if (*cmd & (~othercmds))
-		xtables_error(PARAMETER_PROBLEM, "Cannot use -%c with -%c\n",
-			   cmd2char(newcmd), cmd2char(*cmd & (~othercmds)));
-	*cmd |= newcmd;
-}
-
 /*
  *	All functions starting with "parse" should succeed, otherwise
  *	the program fails.
diff --git a/iptables/xshared.c b/iptables/xshared.c
index 97f1b5d22fdbe..3baa805c64e6d 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -732,3 +732,30 @@ void command_jump(struct iptables_command_state *cs, const char *jumpto)
 		xtables_error(OTHER_PROBLEM, "can't alloc memory!");
 	xt_params->opts = opts;
 }
+
+char cmd2char(int option)
+{
+	/* cmdflags index corresponds with position of bit in CMD_* values */
+	static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
+					 'N', 'X', 'P', 'E', 'S', 'Z', 'C' };
+	int i;
+
+	for (i = 0; option > 1; option >>= 1, i++)
+		;
+	if (i >= ARRAY_SIZE(cmdflags))
+		xtables_error(OTHER_PROBLEM,
+			      "cmd2char(): Invalid command number %u.\n",
+			      1 << i);
+	return cmdflags[i];
+}
+
+void add_command(unsigned int *cmd, const int newcmd,
+		 const int othercmds, int invert)
+{
+	if (invert)
+		xtables_error(PARAMETER_PROBLEM, "unexpected '!' flag");
+	if (*cmd & (~othercmds))
+		xtables_error(PARAMETER_PROBLEM, "Cannot use -%c with -%c\n",
+			   cmd2char(newcmd), cmd2char(*cmd & (~othercmds)));
+	*cmd |= newcmd;
+}
diff --git a/iptables/xshared.h b/iptables/xshared.h
index 64b7e8fc4b690..0b9b357c7bdaa 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -183,4 +183,8 @@ void command_match(struct iptables_command_state *cs);
 const char *xt_parse_target(const char *targetname);
 void command_jump(struct iptables_command_state *cs, const char *jumpto);
 
+char cmd2char(int option);
+void add_command(unsigned int *cmd, const int newcmd,
+		 const int othercmds, int invert);
+
 #endif /* IPTABLES_XSHARED_H */
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 8503f47fe2afe..584b6f0646821 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -81,8 +81,6 @@ typedef char arpt_chainlabel[32];
 #define CMD_CHECK		0x0800U
 #define CMD_RENAME_CHAIN	0x1000U
 #define NUMBER_OF_CMD	13
-static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
-				 'N', 'X', 'P', 'E' };
 
 #define OPTION_OFFSET 256
 
@@ -462,26 +460,6 @@ opt2char(int option)
 	return *ptr;
 }
 
-static char
-cmd2char(int option)
-{
-	const char *ptr;
-	for (ptr = cmdflags; option > 1; option >>= 1, ptr++);
-
-	return *ptr;
-}
-
-static void
-add_command(unsigned int *cmd, const int newcmd, const unsigned int othercmds, int invert)
-{
-	if (invert)
-		xtables_error(PARAMETER_PROBLEM, "unexpected ! flag");
-	if (*cmd & (~othercmds))
-		xtables_error(PARAMETER_PROBLEM, "Can't use -%c with -%c\n",
-			      cmd2char(newcmd), cmd2char(*cmd & (~othercmds)));
-	*cmd |= newcmd;
-}
-
 static int
 check_inverse(const char option[], int *invert, int *optidx, int argc)
 {
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 8a9e0edc3bea2..6dfa3f1171183 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -51,8 +51,6 @@
 #endif
 
 #define NUMBER_OF_CMD	16
-static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
-				 'N', 'X', 'P', 'E', 'S', 'Z', 'C' };
 
 #define OPT_FRAGMENT	0x00800U
 #define NUMBER_OF_OPT	ARRAY_SIZE(optflags)
@@ -319,27 +317,6 @@ opt2char(int option)
 	return *ptr;
 }
 
-static char
-cmd2char(int option)
-{
-	const char *ptr;
-	for (ptr = cmdflags; option > 1; option >>= 1, ptr++);
-
-	return *ptr;
-}
-
-static void
-add_command(unsigned int *cmd, const int newcmd, const int othercmds,
-	    int invert)
-{
-	if (invert)
-		xtables_error(PARAMETER_PROBLEM, "unexpected ! flag");
-	if (*cmd & (~othercmds))
-		xtables_error(PARAMETER_PROBLEM, "Cannot use -%c with -%c\n",
-			   cmd2char(newcmd), cmd2char(*cmd & (~othercmds)));
-	*cmd |= newcmd;
-}
-
 /*
  *	All functions starting with "parse" should succeed, otherwise
  *	the program fails.
-- 
2.23.0


  parent reply	other threads:[~2019-10-28 15:49 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-10-28 15:48 [iptables PATCH v2 00/10] Reduce code size around arptables-nft Phil Sutter
2019-10-28 15:48 ` [iptables PATCH v2 01/10] ip6tables, xtables-arp: Drop unused struct pprot Phil Sutter
2019-10-28 15:48 ` Phil Sutter [this message]
2019-10-28 15:48 ` [iptables PATCH v2 03/10] xshared: Share a common implementation of parse_rulenumber() Phil Sutter
2019-10-28 15:48 ` [iptables PATCH v2 04/10] Merge CMD_* defines Phil Sutter
2019-10-28 15:48 ` [iptables PATCH v2 05/10] xtables-arp: Drop generic_opt_check() Phil Sutter
2019-10-28 15:48 ` [iptables PATCH v2 06/10] Replace TRUE/FALSE with true/false Phil Sutter
2019-10-28 15:48 ` [iptables PATCH v2 07/10] xtables-arp: Integrate OPT_* defines into xshared.h Phil Sutter
2019-10-28 15:48 ` [iptables PATCH v2 08/10] xtables-arp: Drop some unused variables Phil Sutter
2019-10-28 15:48 ` [iptables PATCH v2 09/10] xtables-arp: Use xtables_parse_interface() Phil Sutter
2019-10-28 15:48 ` [iptables PATCH v2 10/10] nft-arp: Use xtables_print_mac_and_mask() Phil Sutter
2019-10-30  8:24 ` [iptables PATCH v2 00/10] Reduce code size around arptables-nft Pablo Neira Ayuso

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20191028154818.31257-3-phil@nwl.cc \
    --to=phil@nwl.cc \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).