| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Jul 2018 19:18:43 +0800
From: shaochun chen <cscnull@...il.com>
To: Pablo Neira Ayuso <pablo@...filter.org>
Cc: Florian Westphal <fw@...len.de>,
netfilter-devel <netfilter-devel@...r.kernel.org>,
netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH nf] netfilter: nf_tables: move dumper state alloation into ->start
conditions of dump isn't limit in nla, so if you replace cb->data with
cb->nla,
sometimes it's hard to implement user's dump().
2018-07-23 19:09 GMT+08:00 Pablo Neira Ayuso <pablo@...filter.org>:
> On Mon, Jul 23, 2018 at 12:47:14PM +0200, Florian Westphal wrote:
> > Shaochun Chen points out we leak dumper filter state allocations
> > stored in dump_control->data in case there is an error before netlink
> sets
> > cb_running (after which ->done will be called at some point).
> >
> > In order to fix this, add .start functions and do the allocations
> > there.
> >
> > ->done is going to clean up, and in case error occurs before
> > ->start invocation no cleanups need to be done anymore.
>
> LGTM. Thanks Florian
>
> BTW, probably we can add cb->nla with strict typing instead, so we
> don't need to use cb->data. This cb->nla would be only valid from
> .start().
>
> Then, set cb->nla to NULL after .start() is called. Just to make sure
> people don't make wrong assumptions and try to access this from the
> classic dump path?
>
> Just an idea.
>
Content of type "text/html" skipped
Powered by blists - more mailing lists