Date:	Wed, 6 Aug 2008 17:47:51 +0300
From:	Denys Fedoryshchenko <denys@...p.net.lb>
To:	Stephen Hemminger <shemminger@...ux-foundation.org>
Cc:	netdev@...r.kernel.org, hadi@...erus.ca
Subject: [PATCH] correct pointer assignment in free_opts()


Invalid way of pointer assignment in free_opts causing global opts variable
pointing to freed memory. It was possible to trigger this bug only by batching
multiple rules with ipt action.

Signed-off-by: Denys Fedoryshchenko <denys@...p.net.lb>
Acked-by: Jamal Hadi Salim <hadi@...erus.ca>
Tested-by: Denys Fedoryshchenko <denys@...p.net.lb>

---
diff -uprN iproute-original/tc/m_ipt.c iproute2-patched2/tc/m_ipt.c
--- iproute-original/tc/m_ipt.c	2008-08-05 22:15:56.000000000 +0300
+++ iproute2-patched2/tc/m_ipt.c	2008-08-06 16:34:13.000000000 +0300
@@ -162,11 +162,11 @@ int string_to_number(const char *s, unsi
 	return result;
 }
 
-static void free_opts(struct option *opts)
+static void free_opts(struct option **opts)
 {
-	if (opts != original_opts) {
-		free(opts);
-		opts = original_opts;
+	if (*opts != original_opts) {
+		free(*opts);
+		*opts = original_opts;
 		global_option_offset = 0;
 	}
 }
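Review bot: free_opts() now dereferences its argument unconditionally at `if (*opts != original_opts)`, and every call site in this patch passes `&opts`, the same global. Either drop the parameter and have the function reset the global directly, or add a short comment stating that the argument must be non-NULL and that the function resets the caller's pointer to original_opts after freeing, so the double-pointer contract is explicit.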
@@ -455,7 +455,7 @@ static int parse_ipt(struct action_util 
 		if (matches(argv[optind], "index") == 0) {
 			if (get_u32(&index, argv[optind + 1], 10)) {
 				fprintf(stderr, "Illegal \"index\"\n");
-				free_opts(opts);
+				free_opts(&opts);
 				return -1;
 			}
 			iok++;
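Review bot: the "index" error path returns -1 after `free_opts(&opts)` without resetting optind, while the success path in the next hunk sets `optind = 1` before the same call. Since the commit message says the bug shows up when batching multiple rules, check whether this error return also needs `optind = 1` so the next rule in a batch starts parsing from a clean state.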
@@ -513,7 +513,7 @@ static int parse_ipt(struct action_util 
 	*argv_p = argv;
 
 	optind = 1;
-	free_opts(opts);
+	free_opts(&opts);
 
 	return 0;
 
@@ -594,7 +594,7 @@ print_ipt(struct action_util *au,FILE * 
 		fprintf(f, " \n");
 
 	}
-	free_opts(opts);
+	free_opts(&opts);
 
 	return 0;
 }