|
 |
4aca6e |
From cee4a40e7febe8f1b5b38b31f42f1b64f536ddb4 Mon Sep 17 00:00:00 2001
|
|
|
4aca6e |
From: Phil Sutter <psutter@redhat.com>
|
|
|
4aca6e |
Date: Tue, 4 Apr 2017 16:21:45 +0200
|
|
|
4aca6e |
Subject: [PATCH] tc: m_xt: Fix segfault when adding multiple actions at once
|
|
|
4aca6e |
|
|
|
4aca6e |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1326726
|
|
|
4aca6e |
Upstream Status: iproute2.git commit 8eee75a8358c5
|
|
|
4aca6e |
|
|
|
4aca6e |
commit 8eee75a8358c542d881d2a84e2c47cc0a9fa92ef
|
|
|
4aca6e |
Author: Phil Sutter <phil@nwl.cc>
|
|
|
4aca6e |
Date: Fri Jun 10 13:42:01 2016 +0200
|
|
|
4aca6e |
|
|
|
4aca6e |
tc: m_xt: Fix segfault when adding multiple actions at once
|
|
|
4aca6e |
|
|
|
4aca6e |
Without this, the following call to tc would segfault:
|
|
|
4aca6e |
|
|
|
4aca6e |
| tc filter add dev d0 parent ffff: u32 match u32 0 0 \
|
|
|
4aca6e |
| action xt -j MARK --set-mark 0x1 \
|
|
|
4aca6e |
| action xt -j MARK --set-mark 0x1
|
|
|
4aca6e |
|
|
|
4aca6e |
The reason is basically the same as for 6e2e5ec28bad4 ("fix print_ipt:
|
|
|
4aca6e |
segfault if more then one filter with action -j MARK.") but in
|
|
|
4aca6e |
parse_ipt() instead of print_ipt().
|
|
|
4aca6e |
|
|
|
4aca6e |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
4aca6e |
---
|
|
|
4aca6e |
tc/m_xt.c | 14 ++++++++------
|
|
|
4aca6e |
1 file changed, 8 insertions(+), 6 deletions(-)
|
|
|
4aca6e |
|
|
|
4aca6e |
diff --git a/tc/m_xt.c b/tc/m_xt.c
|
|
|
4aca6e |
index aa83061..f0efd28 100644
|
|
|
4aca6e |
--- a/tc/m_xt.c
|
|
|
4aca6e |
+++ b/tc/m_xt.c
|
|
|
4aca6e |
@@ -133,7 +133,9 @@ static int parse_ipt(struct action_util *a,int *argc_p,
|
|
|
4aca6e |
__u32 hook = 0, index = 0;
|
|
|
4aca6e |
struct option *opts = NULL;
|
|
|
4aca6e |
|
|
|
4aca6e |
- xtables_init_all(&tcipt_globals, NFPROTO_IPV4);
|
|
|
4aca6e |
+ /* copy tcipt_globals because .opts will be modified by iptables */
|
|
|
4aca6e |
+ struct xtables_globals tmp_tcipt_globals = tcipt_globals;
|
|
|
4aca6e |
+ xtables_init_all(&tmp_tcipt_globals, NFPROTO_IPV4);
|
|
|
4aca6e |
set_lib_dir();
|
|
|
4aca6e |
|
|
|
4aca6e |
{
|
|
|
4aca6e |
@@ -152,7 +154,7 @@ static int parse_ipt(struct action_util *a,int *argc_p,
|
|
|
4aca6e |
}
|
|
|
4aca6e |
|
|
|
4aca6e |
while (1) {
|
|
|
4aca6e |
- c = getopt_long(argc, argv, "j:", tcipt_globals.opts, NULL);
|
|
|
4aca6e |
+ c = getopt_long(argc, argv, "j:", tmp_tcipt_globals.opts, NULL);
|
|
|
4aca6e |
if (c == -1)
|
|
|
4aca6e |
break;
|
|
|
4aca6e |
switch (c) {
|
|
|
4aca6e |
@@ -165,12 +167,12 @@ static int parse_ipt(struct action_util *a,int *argc_p,
|
|
|
4aca6e |
return -1;
|
|
|
4aca6e |
}
|
|
|
4aca6e |
#if (XTABLES_VERSION_CODE >= 6)
|
|
|
4aca6e |
- opts = xtables_options_xfrm(tcipt_globals.orig_opts,
|
|
|
4aca6e |
- tcipt_globals.opts,
|
|
|
4aca6e |
+ opts = xtables_options_xfrm(tmp_tcipt_globals.orig_opts,
|
|
|
4aca6e |
+ tmp_tcipt_globals.opts,
|
|
|
4aca6e |
m->x6_options,
|
|
|
4aca6e |
&m->option_offset);
|
|
|
4aca6e |
#else
|
|
|
4aca6e |
- opts = xtables_merge_options(tcipt_globals.opts,
|
|
|
4aca6e |
+ opts = xtables_merge_options(tmp_tcipt_globals.opts,
|
|
|
4aca6e |
m->extra_opts,
|
|
|
4aca6e |
&m->option_offset);
|
|
|
4aca6e |
#endif
|
|
|
4aca6e |
@@ -178,7 +180,7 @@ static int parse_ipt(struct action_util *a,int *argc_p,
|
|
|
4aca6e |
fprintf(stderr, " failed to find additional options for target %s\n\n", optarg);
|
|
|
4aca6e |
return -1;
|
|
|
4aca6e |
} else
|
|
|
4aca6e |
- tcipt_globals.opts = opts;
|
|
|
4aca6e |
+ tmp_tcipt_globals.opts = opts;
|
|
|
4aca6e |
} else {
|
|
|
4aca6e |
fprintf(stderr," failed to find target %s\n\n", optarg);
|
|
|
4aca6e |
return -1;
|
|
|
4aca6e |
--
|
|
|
4aca6e |
1.8.3.1
|
|
|
4aca6e |
|