Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
netfilter: ipset: use nla_strcmp for IPSET_ATTR_NAME attr

IPSET_ATTR_NAME and IPSET_ATTR_NAMEREF are of NLA_STRING type, they
cannot be treated like a c-string.

They either have to be switched to NLA_NUL_STRING, or the compare
operations need to use the nla functions.

Fixes: f830837f0eed ("netfilter: ipset: list:set set type support")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by
Pablo Neira Ayuso
b7e85909 a958a4f9

+5 -5
+1 -1
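--- a/include/linux/netfilter/ipset/ip_set.h
+++ b/include/linux/netfilter/ipset/ip_set.h
@@ -309,7 +309,7 @@
 
 /* register and unregister set references */
 extern ip_set_id_t ip_set_get_byname(struct net *net,
-const char *name, struct ip_set **set);
+const struct nlattr *name, struct ip_set **set);
 extern void ip_set_put_byindex(struct net *net, ip_set_id_t index);
 extern void ip_set_name_byindex(struct net *net, ip_set_id_t index, char *name);
 extern ip_set_id_t ip_set_nfnl_get_byindex(struct net *net, ip_set_id_t index);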
+2 -2
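--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -821,7 +821,7 @@
 *
 */
 ip_set_id_t
-ip_set_get_byname(struct net *net, const char *name, struct ip_set **set)
+ip_set_get_byname(struct net *net, const struct nlattr *name, struct ip_set **set)
 {
 ip_set_id_t i, index = IPSET_INVALID_ID;
 struct ip_set *s;
@@ -830,7 +830,7 @@
 rcu_read_lock();
 for (i = 0; i < inst->ip_set_max; i++) {
 s = rcu_dereference(inst->ip_set_list)[i];
-if (s && STRNCMP(s->name, name)) {
+if (s && nla_strcmp(name, s->name) == 0) {
 __ip_set_get(s);
 index = i;
 *set = s;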
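Review bot: The comment block above ip_set_get_byname() (only its closing lines are inside the hunk) should record what `name` now is, because the parameter kept its old identifier while changing from a C string to a netlink attribute. A line such as `/* name: NLA_STRING attribute, payload not NUL-terminated; compare only with nla_strcmp() */` would keep a later change from going back to `nla_data()` plus a string compare, which is the out-of-bounds read this commit removes. It should also state that the attribute must be non-NULL, since `nla_strcmp()` dereferences it on the first loop iteration that finds a set. The same remark would fit beside the prototype in include/linux/netfilter/ipset/ip_set.h. The function body continues past the end of the hunk.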
+2 -2
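--- a/net/netfilter/ipset/ip_set_list_set.c
+++ b/net/netfilter/ipset/ip_set_list_set.c
@@ -367,7 +367,7 @@
 ret = ip_set_get_extensions(set, tb, &ext);
 if (ret)
 return ret;
-e.id = ip_set_get_byname(map->net, nla_data(tb[IPSET_ATTR_NAME]), &s);
+e.id = ip_set_get_byname(map->net, tb[IPSET_ATTR_NAME], &s);
 if (e.id == IPSET_INVALID_ID)
 return -IPSET_ERR_NAME;
 /* "Loop detection" */
@@ -389,7 +389,7 @@
 
 if (tb[IPSET_ATTR_NAMEREF]) {
 e.refid = ip_set_get_byname(map->net,
-nla_data(tb[IPSET_ATTR_NAMEREF]),
+tb[IPSET_ATTR_NAMEREF],
 &s);
 if (e.refid == IPSET_INVALID_ID) {
 ret = -IPSET_ERR_NAMEREF;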
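Review bot: The call at new line 370 passes `tb[IPSET_ATTR_NAME]` straight into ip_set_get_byname(), which now dereferences it through `nla_strcmp()`, and no presence check for that attribute is visible in this hunk. The NAMEREF call at line 391, by contrast, is guarded by `if (tb[IPSET_ATTR_NAMEREF])`. The check is probably earlier in the function, which starts outside the hunk, but it is worth confirming, because a netlink request that omits the attribute would otherwise reach a NULL dereference in the kernel. If it turns out to be missing, `if (!tb[IPSET_ATTR_NAME]) return -IPSET_ERR_PROTOCOL;` before the lookup would cover it.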