linux/net
Florian Westphal 3a0429292d netfilter: xtables: fix conntrack match v1 ipt-save output
commit d6d3f08b0f
(netfilter: xtables: conntrack match revision 2) does break the
v1 conntrack match iptables-save output in a subtle way.

Problem is as follows:

    up = kmalloc(sizeof(*up), GFP_KERNEL);
[..]
   /*
    * The strategy here is to minimize the overhead of v1 matching,
    * by prebuilding a v2 struct and putting the pointer into the
    * v1 dataspace.
    */
    memcpy(up, info, offsetof(typeof(*info), state_mask));
[..]
    *(void **)info  = up;

As the v2 struct pointer is saved in the match data space,
it clobbers the first structure member (->origsrc_addr).

Because the _v1 match function grabs this pointer and does not actually
look at the v1 origsrc, run time functionality does not break.
But iptables -nvL (or iptables-save) cannot know that v1 origsrc_addr
has been overloaded in this way:

$ iptables -p tcp -A OUTPUT -m conntrack --ctorigsrc 10.0.0.1 -j ACCEPT
$ iptables-save
-A OUTPUT -p tcp -m conntrack --ctorigsrc 128.173.134.206 -j ACCEPT

(128.173... is the address of the v2 match structure).

To fix this, we take advantage of the fact that the v1 and v2 structures
are identical with exception of the last two structure members (u8 in v1,
u16 in v2).

We extract them as early as possible and prevent the v2 matching function
from looking at those two members directly.

Previously reported by Michel Messerschmidt via Ben Hutchings, also
see Debian Bug tracker #556587.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2009-11-23 10:43:57 +01:00
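The clobbering the commit message describes, as an added C example (not the kernel's code and not part of the commit): `mtinfo_v1`/`mtinfo_v2` are constructed, cut-down stand-ins for the real xt_conntrack_mtinfo1/2 structures, sharing a prefix and differing only in the width of the trailing mask members. `old_checkentry` reproduces the pointer-in-dataspace strategy and shows that the v1 match can still dereference the stashed pointer at run time while a verbatim read of the v1 struct (what iptables-save gets) returns pointer bytes instead of the configured address. `conntrack_mt` with the revision-specific wrappers models the fix, where the u8 or u16 masks are widened by the caller and the v1 data is never written. `build_rule`, `saved_origsrc` and the flag values are assumptions made for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the kernel structures (not xt_conntrack_mtinfo1/2,
 * which carry more fields). Both revisions share this prefix and differ only
 * in the last two members: u8 in v1, u16 in v2. */
union addr { uint32_t ip; uint32_t ip6[4]; };

struct mtinfo_common {
    union addr origsrc_addr, origsrc_mask;
    uint8_t match_flags, invert_flags;
};

struct mtinfo_v1 { struct mtinfo_common c; uint8_t  state_mask, status_mask; };
struct mtinfo_v2 { struct mtinfo_common c; uint16_t state_mask, status_mask; };

#define FLAG_ORIGSRC        0x01          /* assumed flag bit for --ctorigsrc */
#define CONFIGURED_ORIGSRC  0x0a000001u   /* 10.0.0.1 in host order, as in the rule above */

/* Constructed rule: -m conntrack --ctorigsrc 10.0.0.1 with one state bit set. */
static void build_rule(struct mtinfo_v1 *info)
{
    memset(info, 0, sizeof(*info));
    info->c.origsrc_addr.ip = CONFIGURED_ORIGSRC;
    info->c.origsrc_mask.ip = 0xffffffffu;
    info->c.match_flags = FLAG_ORIGSRC;
    info->state_mask = 0x02;
}

/* The broken strategy: prebuild a v2 copy and stash its pointer at the start
 * of the v1 data space. The pointer bytes land on origsrc_addr. */
static struct mtinfo_v2 *old_checkentry(struct mtinfo_v1 *info)
{
    struct mtinfo_v2 *up = malloc(sizeof(*up));
    if (!up)
        return NULL;
    memcpy(up, info, offsetof(struct mtinfo_v1, state_mask));
    up->state_mask = info->state_mask;
    up->status_mask = info->status_mask;
    *(void **)info = up;                     /* clobbers info->c.origsrc_addr */
    return up;
}

/* What userspace reads back for iptables-save: the v1 struct as stored. */
uint32_t saved_origsrc(const struct mtinfo_v1 *info)
{
    return info->c.origsrc_addr.ip;
}

/* Fixed strategy: the matcher only touches the shared prefix and receives the
 * masks already widened by the revision-specific caller. */
static int conntrack_mt(const struct mtinfo_common *c, uint16_t state_mask,
                        uint32_t pkt_origsrc, uint16_t ct_state)
{
    if ((c->match_flags & FLAG_ORIGSRC) &&
        ((pkt_origsrc ^ c->origsrc_addr.ip) & c->origsrc_mask.ip))
        return 0;
    return (ct_state & state_mask) != 0;
}

int conntrack_mt_v1(const struct mtinfo_v1 *info, uint32_t pkt_origsrc, uint16_t ct_state)
{
    return conntrack_mt(&info->c, info->state_mask, pkt_origsrc, ct_state);
}

int conntrack_mt_v2(const struct mtinfo_v2 *info, uint32_t pkt_origsrc, uint16_t ct_state)
{
    return conntrack_mt(&info->c, info->state_mask, pkt_origsrc, ct_state);
}

/* Returns 1 when the old strategy leaves pointer bytes in origsrc_addr (the
 * iptables-save garbage) while the stashed v2 copy still matches at run time. */
int old_strategy_clobbers_origsrc(void)
{
    struct mtinfo_v1 info;
    build_rule(&info);
    struct mtinfo_v2 *up = old_checkentry(&info);
    if (!up)
        return -1;
    int clobbered  = memcmp(&info.c.origsrc_addr, &up, sizeof(up)) == 0;
    int runtime_ok = conntrack_mt_v2(up, CONFIGURED_ORIGSRC, 0x02);
    free(up);
    return clobbered && runtime_ok;
}

/* Returns 1 when the fixed strategy matches correctly and the v1 data the
 * kernel hands back to userspace is untouched. */
int fixed_strategy_preserves_origsrc(void)
{
    struct mtinfo_v1 info;
    build_rule(&info);
    int matched  = conntrack_mt_v1(&info, CONFIGURED_ORIGSRC, 0x02);
    int rejected = !conntrack_mt_v1(&info, 0x0a000002u, 0x02);
    return matched && rejected && saved_origsrc(&info) == CONFIGURED_ORIGSRC;
}
```

The check in `old_strategy_clobbers_origsrc` compares the first `sizeof(void *)` bytes of the rule data against the heap pointer itself, which is exactly what iptables-save ends up formatting as an IP address in the transcript above.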
9p virtio: add virtio IDs file 2009-09-23 22:26:32 +09:30
802
8021q vlan: Add support to netdev_ops.ndo_fcoe_get_wwn for VLAN device 2009-10-29 01:04:04 -07:00
appletalk net: mark net_proto_ops as const 2009-10-07 01:10:46 -07:00
atm net: Generalize socket rx gap / receive queue overflow cmsg 2009-10-12 13:26:31 -07:00
ax25 net: mark net_proto_ops as const 2009-10-07 01:10:46 -07:00
bluetooth Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-10-27 01:03:26 -07:00
bridge bridge: Optimize multiple unregistration 2009-10-29 01:13:48 -07:00
can net: Cleanup redundant tests on unsigned 2009-10-29 01:39:54 -07:00
core net: Introduce dev_get_by_index_rcu() 2009-10-29 01:42:55 -07:00
dcb net: fix double skb free in dcbnl 2009-09-26 20:16:15 -07:00
dccp net: Fix for dst_negative_advice 2009-10-20 18:55:46 -07:00
decnet net: Fix for dst_negative_advice 2009-10-20 18:55:46 -07:00
dsa netdev: convert pseudo-devices to netdev_tx_t 2009-09-01 01:13:07 -07:00
econet econet: Fix redeclaration of symbol len 2009-10-07 14:43:04 -07:00
ethernet
ieee802154 net: sk_drops consolidation 2009-10-14 20:40:11 -07:00
ipv4 netfilter: remove unneccessary checks from netlink notifiers 2009-11-06 17:04:00 +01:00
ipv6 netfilter: remove unneccessary checks from netlink notifiers 2009-11-06 17:04:00 +01:00
ipx net: mark net_proto_ops as const 2009-10-07 01:10:46 -07:00
irda net: mark net_proto_ops as const 2009-10-07 01:10:46 -07:00
iucv af_iucv: remove duplicate sock_set_flag 2009-10-17 23:57:20 -07:00
key net: Generalize socket rx gap / receive queue overflow cmsg 2009-10-12 13:26:31 -07:00
lapb net: remove NET_RX_BAD and NET_RX_CN* defines 2009-07-05 19:15:35 -07:00
llc net: mark net_proto_ops as const 2009-10-07 01:10:46 -07:00
mac80211 mesh: use set_bit() to set MESH_WORK_HOUSEKEEPING. 2009-10-27 16:48:35 -04:00
netfilter netfilter: xtables: fix conntrack match v1 ipt-save output 2009-11-23 10:43:57 +01:00
netlabel Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-07-30 19:22:43 -07:00
netlink genetlink: Optimize and one bug fix in genl_generate_id() 2009-10-17 23:57:26 -07:00
netrom net: mark net_proto_ops as const 2009-10-07 01:10:46 -07:00
packet vlan: allow null VLAN ID to be used 2009-10-27 01:02:33 -07:00
phonet Phonet: hold socket before giving it to sk_deliver_skb() 2009-10-15 12:30:42 -07:00
rds inet: rename some inet_sock fields 2009-10-18 18:52:53 -07:00
rfkill headers: remove sched.h from poll.h 2009-10-04 15:05:10 -07:00
rose net: mark net_proto_ops as const 2009-10-07 01:10:46 -07:00
rxrpc net: Generalize socket rx gap / receive queue overflow cmsg 2009-10-12 13:26:31 -07:00
sched pkt_sched: skbedit add support for setting mark 2009-10-22 21:56:42 -07:00
sctp inet: rename some inet_sock fields 2009-10-18 18:52:53 -07:00
sunrpc inet: rename some inet_sock fields 2009-10-18 18:52:53 -07:00
tipc net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
unix Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-10-27 01:03:26 -07:00
wanrouter headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
wimax
wireless cfg80211: remove warning in deauth case 2009-10-27 16:48:17 -04:00
x25 net: Cleanup redundant tests on unsigned 2009-10-29 01:39:53 -07:00
xfrm xfrm: remove skb_icv_walk 2009-10-18 21:32:01 -07:00
compat.c net: Cleanup redundant tests on unsigned 2009-10-29 01:39:54 -07:00
Kconfig net/compat/wext: send different messages to compat tasks 2009-07-15 08:53:39 -07:00
Makefile net: remove redundant sched/ in net/Makefile 2009-07-12 20:11:14 -07:00
nonet.c
socket.c net: Introduce recvmmsg socket syscall 2009-10-12 23:40:10 -07:00
sysctl_net.c