netfilter-devel.vger.kernel.org archive mirror
* [iptables PATCH 1/2] extensions: among: Remove pointless fall through
@ 2022-10-01 11:51 Phil Sutter
  2022-10-01 11:51 ` [iptables PATCH 2/2] extensions: among: Fix for use with ebtables-restore Phil Sutter
  0 siblings, 1 reply; 2+ messages in thread
From: Phil Sutter @ 2022-10-01 11:51 UTC (permalink / raw)
  To: netfilter-devel

This seems to be a leftover from an earlier version of the switch().
This fall through is never effective as the next case's code will never
apply. So just break instead.

Fixes: 26753888720d8 ("nft: bridge: Rudimental among extension support")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 extensions/libebt_among.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/extensions/libebt_among.c b/extensions/libebt_among.c
index 7eb898f984bba..c607a775539d3 100644
--- a/extensions/libebt_among.c
+++ b/extensions/libebt_among.c
@@ -152,10 +152,9 @@ static int bramong_parse(int c, char **argv, int invert,
 			xtables_error(PARAMETER_PROBLEM,
 				      "File should only contain one line");
 		optarg[flen-1] = '\0';
-		/* fall through */
+		break;
 	case AMONG_DST:
-		if (c == AMONG_DST)
-			dst = true;
+		dst = true;
 		/* fall through */
 	case AMONG_SRC:
 		break;
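Review bot: the `break;` that replaces the first `/* fall through */` (after `optarg[flen-1] = '\0';`) changes no behaviour, because the removed `if (c == AMONG_DST)` guard already kept the preceding case from setting `dst` here. Since this is a cleanup, the Fixes: tag may mark it for backporting without need; consider dropping the tag or stating in the message that there is no functional change. The remaining `/* fall through */` under `case AMONG_DST:` only reaches the `break;` in `case AMONG_SRC:`, so a plain `break;` after `dst = true;` would read more directly.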
-- 
2.34.1



* [iptables PATCH 2/2] extensions: among: Fix for use with ebtables-restore
  2022-10-01 11:51 [iptables PATCH 1/2] extensions: among: Remove pointless fall through Phil Sutter
@ 2022-10-01 11:51 ` Phil Sutter
  0 siblings, 0 replies; 2+ messages in thread
From: Phil Sutter @ 2022-10-01 11:51 UTC (permalink / raw)
  To: netfilter-devel

When restoring multiple rules which use among match, new size may be
smaller than the old one which caused invalid writes by the memcpy()
call. Expect this and realloc the match only if it needs to grow. Also
use realloc instead of freeing and allocating from scratch.

Fixes: 26753888720d8 ("nft: bridge: Rudimental among extension support")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 extensions/libebt_among.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/extensions/libebt_among.c b/extensions/libebt_among.c
index c607a775539d3..1eab201984408 100644
--- a/extensions/libebt_among.c
+++ b/extensions/libebt_among.c
@@ -119,7 +119,6 @@ static int bramong_parse(int c, char **argv, int invert,
 		 struct xt_entry_match **match)
 {
 	struct nft_among_data *data = (struct nft_among_data *)(*match)->data;
-	struct xt_entry_match *new_match;
 	bool have_ip, dst = false;
 	size_t new_size, cnt;
 	struct stat stats;
@@ -170,18 +169,17 @@ static int bramong_parse(int c, char **argv, int invert,
 	new_size *= sizeof(struct nft_among_pair);
 	new_size += XT_ALIGN(sizeof(struct xt_entry_match)) +
 			sizeof(struct nft_among_data);
-	new_match = xtables_calloc(1, new_size);
-	memcpy(new_match, *match, (*match)->u.match_size);
-	new_match->u.match_size = new_size;
 
-	data = (struct nft_among_data *)new_match->data;
+	if (new_size > (*match)->u.match_size) {
+		*match = xtables_realloc(*match, new_size);
+		(*match)->u.match_size = new_size;
+		data = (struct nft_among_data *)(*match)->data;
+	}
+
 	have_ip = nft_among_pairs_have_ip(optarg);
 	poff = nft_among_prepare_data(data, dst, cnt, invert, have_ip);
 	parse_nft_among_pairs(data->pairs + poff, optarg, cnt, have_ip);
 
-	free(*match);
-	*match = new_match;
-
 	if (c == AMONG_DST_F || c == AMONG_SRC_F) {
 		munmap(argv, flen);
 		close(fd);
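Review bot: in the new `if (new_size > (*match)->u.match_size)` branch, `xtables_realloc()` replaces `xtables_calloc(1, new_size)`, so the bytes between the old `match_size` and `new_size` are no longer zeroed (assuming `xtables_realloc()` has plain realloc() semantics). Unless `nft_among_prepare_data()` and `parse_nft_among_pairs()` write every byte of the grown region, add a memset() of that tail right after the realloc. When `new_size` is smaller, `u.match_size` keeps the old, larger value; a short comment stating that this is intended, and that any stale trailing pairs are ignored, would help the next reader.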
-- 
2.34.1
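
The grow-only resize described in the commit message above, as an added example that is not part of the patch or of iptables: `struct blob`, `blob_new()`, `old_pattern_overflows()` and `blob_reserve()` are hypothetical stand-ins, and zeroing the grown tail goes beyond what the patch does.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical size-prefixed blob standing in for a match; not xt_entry_match. */
struct blob {
	size_t size;          /* total allocation size, header included */
	unsigned char data[]; /* payload */
};

static struct blob *blob_new(size_t payload_len)
{
	struct blob *b = calloc(1, sizeof(*b) + payload_len);
	if (b)
		b->size = sizeof(*b) + payload_len;
	return b;
}

/* Old pattern: allocate new_size, then memcpy old->size bytes into it.
 * That write overruns the new buffer whenever this returns true. */
static bool old_pattern_overflows(const struct blob *old, size_t new_size)
{
	return old->size > new_size;
}

/* Grow-only resize: keep a big-enough buffer, else realloc and zero the new tail. */
static int blob_reserve(struct blob **bp, size_t new_size)
{
	size_t old_size = (*bp)->size;
	struct blob *nb;
	if (new_size <= old_size)
		return 0;               /* nothing to do, old contents stay valid */
	nb = realloc(*bp, new_size);
	if (!nb)
		return -1;              /* *bp is left untouched on failure */
	memset((unsigned char *)nb + old_size, 0, new_size - old_size);
	nb->size = new_size;
	*bp = nb;
	return 0;
}

int main(void)
{
	struct blob *b = blob_new(32);
	/* Smaller request: the old pattern would overflow, the new one is a no-op. */
	int rc = b && old_pattern_overflows(b, sizeof(*b) + 8) &&
		 blob_reserve(&b, sizeof(*b) + 8) == 0 ? 0 : 1;
	free(b);
	return rc;
}
```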

