From 2747cab9c49b570347c86ff59daec93a1432b0bc Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Wed, 27 Apr 2022 14:37:00 +0200 Subject: [PATCH] mnl: do not use expr->identifier to fetch device name Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2070924 Upstream Status: nftables commit 78bbe7f7a55be commit 78bbe7f7a55be48909067e25900de27623d8fa6a Author: Pablo Neira Ayuso Date: Wed Feb 19 21:05:26 2020 +0100 mnl: do not use expr->identifier to fetch device name This string might not be nul-terminated, resulting in spurious errors when adding netdev chains. Fixes: 3fdc7541fba0 ("src: add multidevice support for netdev chain") Fixes: 92911b362e90 ("src: add support to add flowtables") Signed-off-by: Pablo Neira Ayuso --- src/mnl.c | 33 +++++++++++++++++++++++++++++---- src/parser_bison.y | 6 +++--- 2 files changed, 32 insertions(+), 7 deletions(-) diff --git a/src/mnl.c b/src/mnl.c index 44cf1a4..f881d97 100644 --- a/src/mnl.c +++ b/src/mnl.c @@ -26,6 +26,7 @@ #include #include +#include #include #include #include @@ -529,7 +530,9 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd, { int priority, policy, i = 0; struct nftnl_chain *nlc; + unsigned int ifname_len; const char **dev_array; + char ifname[IFNAMSIZ]; struct nlmsghdr *nlh; struct expr *expr; int dev_array_len; @@ -562,7 +565,12 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd, dev_array = xmalloc(sizeof(char *) * 8); dev_array_len = 8; list_for_each_entry(expr, &cmd->chain->dev_expr->expressions, list) { - dev_array[i++] = expr->identifier; + ifname_len = div_round_up(expr->len, BITS_PER_BYTE); + memset(ifname, 0, sizeof(ifname)); + mpz_export_data(ifname, expr->value, + BYTEORDER_HOST_ENDIAN, + ifname_len); + dev_array[i++] = xstrdup(ifname); if (i == dev_array_len) { dev_array_len *= 2; dev_array = xrealloc(dev_array, @@ -577,6 +585,10 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd, nftnl_chain_set_data(nlc, NFTNL_CHAIN_DEVICES, dev_array, sizeof(char *) * dev_array_len); + i = 0; + while (dev_array[i] != NULL) + xfree(dev_array[i++]); + xfree(dev_array); } } @@ -1488,7 +1500,9 @@ int mnl_nft_flowtable_add(struct netlink_ctx *ctx, const struct cmd *cmd, unsigned int flags) { struct nftnl_flowtable *flo; + unsigned int ifname_len; const char **dev_array; + char ifname[IFNAMSIZ]; struct nlmsghdr *nlh; int i = 0, len = 1; struct expr *expr; @@ -1513,13 +1527,24 @@ int mnl_nft_flowtable_add(struct netlink_ctx *ctx, const struct cmd *cmd, list_for_each_entry(expr, &cmd->flowtable->dev_expr->expressions, list) len++; - dev_array = calloc(len, sizeof(char *)); - list_for_each_entry(expr, &cmd->flowtable->dev_expr->expressions, list) - dev_array[i++] = expr->identifier; + dev_array = xmalloc(sizeof(char *) * len); + + list_for_each_entry(expr, &cmd->flowtable->dev_expr->expressions, list) { + ifname_len = div_round_up(expr->len, BITS_PER_BYTE); + memset(ifname, 0, sizeof(ifname)); + mpz_export_data(ifname, expr->value, BYTEORDER_HOST_ENDIAN, + ifname_len); + dev_array[i++] = xstrdup(ifname); + } dev_array[i] = NULL; nftnl_flowtable_set_data(flo, NFTNL_FLOWTABLE_DEVICES, dev_array, sizeof(char *) * len); + + i = 0; + while (dev_array[i] != NULL) + xfree(dev_array[i++]); + free(dev_array); netlink_dump_flowtable(flo, ctx); diff --git a/src/parser_bison.y b/src/parser_bison.y index 2cdf8ec..dc87571 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -1909,9 +1909,9 @@ flowtable_list_expr : flowtable_expr_member flowtable_expr_member : STRING { - $$ = symbol_expr_alloc(&@$, SYMBOL_VALUE, - current_scope(state), - $1); + $$ = constant_expr_alloc(&@$, &string_type, + BYTEORDER_HOST_ENDIAN, + strlen($1) * BITS_PER_BYTE, $1); xfree($1); } ; -- 2.34.1