netfilter-devel.vger.kernel.org archive mirror
* [nft PATCH] xt: Fix translation error path
@ 2023-03-28 12:26 Phil Sutter
  2023-03-30 11:15 ` Phil Sutter
  0 siblings, 1 reply; 2+ messages in thread
From: Phil Sutter @ 2023-03-28 12:26 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: netfilter-devel

If xtables support was compiled in but the required libxtables DSO is
not found, nft prints an error message and leaks memory:

| counter packets 0 bytes 0 XT target MASQUERADE not found

This is not as bad as it seems, the output combines stdout and stderr.
Dropping stderr produces an incomplete ruleset listing, though. While
this seemingly inline output can't easily be avoided, fix a few things:

* Respect octx->error_fp, libnftables might have been configured to
  redirect stderr somewhere else.
* Align error message formatting with others.
* Don't return immediately, but free allocated memory and fall back to
  printing the expression in "untranslated" form.

Fixes: 5c30feeee5cfe ("xt: Delay libxtables access until translation")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 src/xt.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/xt.c b/src/xt.c
index f63096a554e7f..b17aafd565382 100644
--- a/src/xt.c
+++ b/src/xt.c
@@ -56,9 +56,10 @@ void xt_stmt_xlate(const struct stmt *stmt, struct output_ctx *octx)
 	case NFT_XT_MATCH:
 		mt = xtables_find_match(stmt->xt.name, XTF_TRY_LOAD, NULL);
 		if (!mt) {
-			fprintf(stderr, "XT match %s not found\n",
+			fprintf(octx->error_fp,
+				"# Warning: XT match %s not found\n",
 				stmt->xt.name);
-			return;
+			break;
 		}
 		size = XT_ALIGN(sizeof(*m)) + stmt->xt.infolen;
 
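Review bot: in the !mt branch, replacing "return" with "break" sends control to the code after the switch with mt NULL and with the "size = XT_ALIGN(sizeof(*m)) + stmt->xt.infolen;" setup skipped. That code is not visible in this hunk, so please confirm that the post-switch cleanup and the "untranslated" fallback neither dereference mt nor free a buffer that was never allocated on this path. A one-line comment at the break saying that it falls through to the untranslated output would also make the intent obvious to the next reader.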
@@ -83,9 +84,10 @@ void xt_stmt_xlate(const struct stmt *stmt, struct output_ctx *octx)
 	case NFT_XT_TARGET:
 		tg = xtables_find_target(stmt->xt.name, XTF_TRY_LOAD);
 		if (!tg) {
-			fprintf(stderr, "XT target %s not found\n",
+			fprintf(octx->error_fp,
+				"# Warning: XT target %s not found\n",
 				stmt->xt.name);
-			return;
+			break;
 		}
 		size = XT_ALIGN(sizeof(*t)) + stmt->xt.infolen;
 
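Review bot: in the !tg branch the warning is still emitted in the middle of a rule and ends in "\n", so whenever octx->error_fp and the listing share a stream the text "# Warning: XT target %s not found" lands after the part of the rule already printed and the fallback output continues on the next line. The commit message accepts the inline output, but it would help to state there (or in a comment here) that the listing is only parseable with error_fp kept separate. A test covering the missing-DSO case for both match and target would also guard the leak fix, since the two branches are now identical apart from the word in the message.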
-- 
2.38.0



* Re: [nft PATCH] xt: Fix translation error path
  2023-03-28 12:26 [nft PATCH] xt: Fix translation error path Phil Sutter
@ 2023-03-30 11:15 ` Phil Sutter
  0 siblings, 0 replies; 2+ messages in thread
From: Phil Sutter @ 2023-03-30 11:15 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: netfilter-devel

On Tue, Mar 28, 2023 at 02:26:16PM +0200, Phil Sutter wrote:
> If xtables support was compiled in but the required libxtables DSO is
> not found, nft prints an error message and leaks memory:
> 
> | counter packets 0 bytes 0 XT target MASQUERADE not found
> 
> This is not as bad as it seems, the output combines stdout and stderr.
> Dropping stderr produces an incomplete ruleset listing, though. While
> this seemingly inline output can't easily be avoided, fix a few things:
> 
> * Respect octx->error_fp, libnftables might have been configured to
>   redirect stderr somewhere else.
> * Align error message formatting with others.
> * Don't return immediately, but free allocated memory and fall back to
>   printing the expression in "untranslated" form.
> 
> Fixes: 5c30feeee5cfe ("xt: Delay libxtables access until translation")
> Signed-off-by: Phil Sutter <phil@nwl.cc>

Patch applied.
