Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 70c0eb1c authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: xtables: avoid BUG_ON 



I see no reason for them, label or timer cannot be NULL, and if they
were, we'll crash with null deref anyway.

For skb_header_pointer failure, just set hotdrop to true and toss
such packet.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent fa5950e4

net/ipv6/netfilter/ip6t_ipv6header.c

+4 −1
Original line number Diff line number Diff line
@@ -65,7 +65,10 @@ ipv6header_mt6(const struct sk_buff *skb, struct xt_action_param *par) 
		}



		hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);

		BUG_ON(hp == NULL);

		if (!hp) {

			par->hotdrop = true;

			return false;

		}



		/* Calculate the header length */

		if (nexthdr == NEXTHDR_FRAGMENT)

net/ipv6/netfilter/ip6t_rt.c

+8 −2
Original line number Diff line number Diff line
@@ -137,7 +137,10 @@ static bool rt_mt6(const struct sk_buff *skb, struct xt_action_param *par) 
							sizeof(_addr),

							&_addr);



				BUG_ON(ap == NULL);

				if (ap == NULL) {

					par->hotdrop = true;

					return false;

				}



				if (ipv6_addr_equal(ap, &rtinfo->addrs[i])) {

					pr_debug("i=%d temp=%d;\n", i, temp);
@@ -166,7 +169,10 @@ static bool rt_mt6(const struct sk_buff *skb, struct xt_action_param *par) 
							+ temp * sizeof(_addr),

							sizeof(_addr),

							&_addr);

				BUG_ON(ap == NULL);

				if (ap == NULL) {

					par->hotdrop = true;

					return false;

				}



				if (!ipv6_addr_equal(ap, &rtinfo->addrs[temp]))

					break;

net/netfilter/xt_IDLETIMER.c

+0 −4
Original line number Diff line number Diff line
@@ -68,8 +68,6 @@ struct idletimer_tg *__idletimer_tg_find_by_label(const char *label) 
{

	struct idletimer_tg *entry;



	BUG_ON(!label);



	list_for_each_entry(entry, &idletimer_tg_list, entry) {

		if (!strcmp(label, entry->attr.attr.name))

			return entry;
@@ -172,8 +170,6 @@ static unsigned int idletimer_tg_target(struct sk_buff *skb, 
	pr_debug("resetting timer %s, timeout period %u\n",

		 info->label, info->timeout);



	BUG_ON(!info->timer);



	mod_timer(&info->timer->timer,

		  msecs_to_jiffies(info->timeout * 1000) + jiffies);

net/netfilter/xt_SECMARK.c

+0 −2
Original line number Diff line number Diff line
@@ -35,8 +35,6 @@ secmark_tg(struct sk_buff *skb, const struct xt_action_param *par) 
	u32 secmark = 0;

	const struct xt_secmark_target_info *info = par->targinfo;



	BUG_ON(info->mode != mode);



	switch (mode) {

	case SECMARK_MODE_SEL:

		secmark = info->secid;