• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1From cbc3a30711701f0e8d7f5df14f84adfb2c9fec1f Mon Sep 17 00:00:00 2001
2From: majun <majun65@huawei.com>
3Date: Fri, 16 Apr 2021 14:52:42 +0800
4Subject: [PATCH]
5
6iptables: add null check for fw in X_entry
7If the fw pointer is empty, a core dump occurs.
8
9---
10 iptables/ip6tables.c | 21 +++++++++++++++++++++
11 iptables/iptables.c  | 20 ++++++++++++++++++++
12 2 files changed, 41 insertions(+)
13
14diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
15index c95355b..1902cb4 100644
16--- a/iptables/ip6tables.c
17+++ b/iptables/ip6tables.c
18@@ -478,6 +478,10 @@ append_entry(const xt_chainlabel chain,
19 	unsigned int i, j;
20 	int ret = 1;
21
22+	if (!fw) {
23+                return 0;
24+        }
25+
26 	for (i = 0; i < nsaddrs; i++) {
27 		fw->ipv6.src = saddrs[i];
28 		fw->ipv6.smsk = smasks[i];
29@@ -502,6 +506,11 @@ replace_entry(const xt_chainlabel chain,
30 	      int verbose,
31 	      struct xtc_handle *handle)
32 {
33+
34+        if (!fw) {
35+                return 0;
36+        }
37+
38 	fw->ipv6.src = *saddr;
39 	fw->ipv6.dst = *daddr;
40 	fw->ipv6.smsk = *smask;
41@@ -528,6 +537,10 @@ insert_entry(const xt_chainlabel chain,
42 	unsigned int i, j;
43 	int ret = 1;
44
45+	if (!fw) {
46+                return 0;
47+        }
48+
49 	for (i = 0; i < nsaddrs; i++) {
50 		fw->ipv6.src = saddrs[i];
51 		fw->ipv6.smsk = smasks[i];
52@@ -595,6 +608,10 @@ delete_entry(const xt_chainlabel chain,
53 	int ret = 1;
54 	unsigned char *mask;
55
56+	if (!fw) {
57+                return 0;
58+        }
59+
60 	mask = make_delete_mask(matches, target);
61 	for (i = 0; i < nsaddrs; i++) {
62 		fw->ipv6.src = saddrs[i];
63@@ -625,6 +642,10 @@ check_entry(const xt_chainlabel chain, struct ip6t_entry *fw,
64 	int ret = 1;
65 	unsigned char *mask;
66
67+	if (!fw) {
68+                return 0;
69+        }
70+
71 	mask = make_delete_mask(matches, target);
72 	for (i = 0; i < nsaddrs; i++) {
73 		fw->ipv6.src = saddrs[i];
74diff --git a/iptables/iptables.c b/iptables/iptables.c
75index 7d61831..a206825 100644
76--- a/iptables/iptables.c
77+++ b/iptables/iptables.c
78@@ -469,6 +469,10 @@ append_entry(const xt_chainlabel chain,
79 	unsigned int i, j;
80 	int ret = 1;
81
82+        if (!fw) {
83+                return 0;
84+        }
85+
86 	for (i = 0; i < nsaddrs; i++) {
87 		fw->ip.src.s_addr = saddrs[i].s_addr;
88 		fw->ip.smsk.s_addr = smasks[i].s_addr;
89@@ -493,6 +497,10 @@ replace_entry(const xt_chainlabel chain,
90 	      int verbose,
91 	      struct xtc_handle *handle)
92 {
93+	if (!fw) {
94+                return 0;
95+        }
96+
97 	fw->ip.src.s_addr = saddr->s_addr;
98 	fw->ip.dst.s_addr = daddr->s_addr;
99 	fw->ip.smsk.s_addr = smask->s_addr;
100@@ -519,6 +527,10 @@ insert_entry(const xt_chainlabel chain,
101 	unsigned int i, j;
102 	int ret = 1;
103
104+	if (!fw) {
105+                return 0;
106+        }
107+
108 	for (i = 0; i < nsaddrs; i++) {
109 		fw->ip.src.s_addr = saddrs[i].s_addr;
110 		fw->ip.smsk.s_addr = smasks[i].s_addr;
111@@ -586,6 +598,10 @@ delete_entry(const xt_chainlabel chain,
112 	int ret = 1;
113 	unsigned char *mask;
114
115+        if (!fw) {
116+                return 0;
117+        }
118+
119 	mask = make_delete_mask(matches, target);
120 	for (i = 0; i < nsaddrs; i++) {
121 		fw->ip.src.s_addr = saddrs[i].s_addr;
122@@ -616,6 +632,10 @@ check_entry(const xt_chainlabel chain, struct ipt_entry *fw,
123 	int ret = 1;
124 	unsigned char *mask;
125
126+	if (!fw) {
127+                return 0;
128+        }
129+
130 	mask = make_delete_mask(matches, target);
131 	for (i = 0; i < nsaddrs; i++) {
132 		fw->ip.src.s_addr = saddrs[i].s_addr;
133--
1342.27.0
135
136