| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20170523134057.23775-1-phil@nwl.cc>
Date: Tue, 23 May 2017 15:40:57 +0200
From: Phil Sutter <phil@....cc>
To: Stephen Hemminger <stephen@...workplumber.org>
Cc: netdev@...r.kernel.org, Phil Sutter <psutter@...hat.com>
Subject: [iproute PATCH] tc: m_xt: Prevent a segfault in libipt
From: Phil Sutter <psutter@...hat.com>
This happens with NAT targets, such as SNAT, DNAT and MASQUERADE. These
are still not usable with this patch, but at least tc doesn't crash
anymore when one tries to use them.
Signed-off-by: Phil Sutter <phil@....cc>
---
tc/m_xt.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tc/m_xt.c b/tc/m_xt.c
index e59df8e10afef..ad52d239caf61 100644
--- a/tc/m_xt.c
+++ b/tc/m_xt.c
@@ -146,6 +146,9 @@ static int parse_ipt(struct action_util *a, int *argc_p,
char ***argv_p, int tca_id, struct nlmsghdr *n)
{
struct xtables_target *m = NULL;
+#if XTABLES_VERSION_CODE >= 6
+ struct ipt_entry fw = {};
+#endif
struct rtattr *tail;
int c;
@@ -206,7 +209,7 @@ static int parse_ipt(struct action_util *a, int *argc_p,
default:
#if XTABLES_VERSION_CODE >= 6
if (m != NULL && m->x6_parse != NULL) {
- xtables_option_tpcall(c, argv, 0, m, NULL);
+ xtables_option_tpcall(c, argv, 0, m, &fw);
#else
if (m != NULL && m->parse != NULL) {
m->parse(c - m->option_offset, argv, 0,
--
2.11.0
Powered by blists - more mailing lists