提交 e46abbcc 编写于 作者: P Phil Sutter 提交者: Pablo Neira Ayuso

netfilter: nf_tables: Allow table names of up to 255 chars

Allocate all table names dynamically to allow for arbitrary lengths but
introduce NFT_NAME_MAXLEN as an upper sanity boundary. It's value was
chosen to allow using a domain name as per RFC 1035.
Signed-off-by: NPhil Sutter <phil@nwl.cc>
Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
上级 2cf0c8b3
...@@ -957,7 +957,7 @@ struct nft_table { ...@@ -957,7 +957,7 @@ struct nft_table {
u32 use; u32 use;
u16 flags:14, u16 flags:14,
genmask:2; genmask:2;
char name[NFT_TABLE_MAXNAMELEN]; char *name;
}; };
enum nft_af_flags { enum nft_af_flags {
......
#ifndef _LINUX_NF_TABLES_H #ifndef _LINUX_NF_TABLES_H
#define _LINUX_NF_TABLES_H #define _LINUX_NF_TABLES_H
#define NFT_TABLE_MAXNAMELEN 32 #define NFT_NAME_MAXLEN 256
#define NFT_TABLE_MAXNAMELEN NFT_NAME_MAXLEN
#define NFT_CHAIN_MAXNAMELEN 32 #define NFT_CHAIN_MAXNAMELEN 32
#define NFT_SET_MAXNAMELEN 32 #define NFT_SET_MAXNAMELEN 32
#define NFT_OBJ_MAXNAMELEN 32 #define NFT_OBJ_MAXNAMELEN 32
......
...@@ -726,7 +726,10 @@ static int nf_tables_newtable(struct net *net, struct sock *nlsk, ...@@ -726,7 +726,10 @@ static int nf_tables_newtable(struct net *net, struct sock *nlsk,
if (table == NULL) if (table == NULL)
goto err2; goto err2;
nla_strlcpy(table->name, name, NFT_TABLE_MAXNAMELEN); table->name = nla_strdup(name, GFP_KERNEL);
if (table->name == NULL)
goto err3;
INIT_LIST_HEAD(&table->chains); INIT_LIST_HEAD(&table->chains);
INIT_LIST_HEAD(&table->sets); INIT_LIST_HEAD(&table->sets);
INIT_LIST_HEAD(&table->objects); INIT_LIST_HEAD(&table->objects);
...@@ -735,10 +738,12 @@ static int nf_tables_newtable(struct net *net, struct sock *nlsk, ...@@ -735,10 +738,12 @@ static int nf_tables_newtable(struct net *net, struct sock *nlsk,
nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla);
err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE); err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE);
if (err < 0) if (err < 0)
goto err3; goto err4;
list_add_tail_rcu(&table->list, &afi->tables); list_add_tail_rcu(&table->list, &afi->tables);
return 0; return 0;
err4:
kfree(table->name);
err3: err3:
kfree(table); kfree(table);
err2: err2:
...@@ -865,6 +870,7 @@ static void nf_tables_table_destroy(struct nft_ctx *ctx) ...@@ -865,6 +870,7 @@ static void nf_tables_table_destroy(struct nft_ctx *ctx)
{ {
BUG_ON(ctx->table->use > 0); BUG_ON(ctx->table->use > 0);
kfree(ctx->table->name);
kfree(ctx->table); kfree(ctx->table);
module_put(ctx->afi->owner); module_put(ctx->afi->owner);
} }
...@@ -1972,7 +1978,7 @@ static void nf_tables_rule_notify(const struct nft_ctx *ctx, ...@@ -1972,7 +1978,7 @@ static void nf_tables_rule_notify(const struct nft_ctx *ctx,
} }
struct nft_rule_dump_ctx { struct nft_rule_dump_ctx {
char table[NFT_TABLE_MAXNAMELEN]; char *table;
char chain[NFT_CHAIN_MAXNAMELEN]; char chain[NFT_CHAIN_MAXNAMELEN];
}; };
...@@ -1997,7 +2003,7 @@ static int nf_tables_dump_rules(struct sk_buff *skb, ...@@ -1997,7 +2003,7 @@ static int nf_tables_dump_rules(struct sk_buff *skb,
continue; continue;
list_for_each_entry_rcu(table, &afi->tables, list) { list_for_each_entry_rcu(table, &afi->tables, list) {
if (ctx && ctx->table[0] && if (ctx && ctx->table &&
strcmp(ctx->table, table->name) != 0) strcmp(ctx->table, table->name) != 0)
continue; continue;
...@@ -2037,7 +2043,12 @@ static int nf_tables_dump_rules(struct sk_buff *skb, ...@@ -2037,7 +2043,12 @@ static int nf_tables_dump_rules(struct sk_buff *skb,
static int nf_tables_dump_rules_done(struct netlink_callback *cb) static int nf_tables_dump_rules_done(struct netlink_callback *cb)
{ {
kfree(cb->data); struct nft_rule_dump_ctx *ctx = cb->data;
if (ctx) {
kfree(ctx->table);
kfree(ctx);
}
return 0; return 0;
} }
...@@ -2069,9 +2080,14 @@ static int nf_tables_getrule(struct net *net, struct sock *nlsk, ...@@ -2069,9 +2080,14 @@ static int nf_tables_getrule(struct net *net, struct sock *nlsk,
if (!ctx) if (!ctx)
return -ENOMEM; return -ENOMEM;
if (nla[NFTA_RULE_TABLE]) if (nla[NFTA_RULE_TABLE]) {
nla_strlcpy(ctx->table, nla[NFTA_RULE_TABLE], ctx->table = nla_strdup(nla[NFTA_RULE_TABLE],
sizeof(ctx->table)); GFP_KERNEL);
if (!ctx->table) {
kfree(ctx);
return -ENOMEM;
}
}
if (nla[NFTA_RULE_CHAIN]) if (nla[NFTA_RULE_CHAIN])
nla_strlcpy(ctx->chain, nla[NFTA_RULE_CHAIN], nla_strlcpy(ctx->chain, nla[NFTA_RULE_CHAIN],
sizeof(ctx->chain)); sizeof(ctx->chain));
...@@ -4410,7 +4426,7 @@ static int nf_tables_fill_obj_info(struct sk_buff *skb, struct net *net, ...@@ -4410,7 +4426,7 @@ static int nf_tables_fill_obj_info(struct sk_buff *skb, struct net *net,
} }
struct nft_obj_filter { struct nft_obj_filter {
char table[NFT_OBJ_MAXNAMELEN]; char *table;
u32 type; u32 type;
}; };
...@@ -4475,7 +4491,10 @@ static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb) ...@@ -4475,7 +4491,10 @@ static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb)
static int nf_tables_dump_obj_done(struct netlink_callback *cb) static int nf_tables_dump_obj_done(struct netlink_callback *cb)
{ {
kfree(cb->data); struct nft_obj_filter *filter = cb->data;
kfree(filter->table);
kfree(filter);
return 0; return 0;
} }
...@@ -4489,9 +4508,13 @@ nft_obj_filter_alloc(const struct nlattr * const nla[]) ...@@ -4489,9 +4508,13 @@ nft_obj_filter_alloc(const struct nlattr * const nla[])
if (!filter) if (!filter)
return ERR_PTR(-ENOMEM); return ERR_PTR(-ENOMEM);
if (nla[NFTA_OBJ_TABLE]) if (nla[NFTA_OBJ_TABLE]) {
nla_strlcpy(filter->table, nla[NFTA_OBJ_TABLE], filter->table = nla_strdup(nla[NFTA_OBJ_TABLE], GFP_KERNEL);
NFT_TABLE_MAXNAMELEN); if (!filter->table) {
kfree(filter);
return ERR_PTR(-ENOMEM);
}
}
if (nla[NFTA_OBJ_TYPE]) if (nla[NFTA_OBJ_TYPE])
filter->type = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE])); filter->type = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE]));
......
...@@ -175,7 +175,7 @@ void nft_trace_notify(struct nft_traceinfo *info) ...@@ -175,7 +175,7 @@ void nft_trace_notify(struct nft_traceinfo *info)
return; return;
size = nlmsg_total_size(sizeof(struct nfgenmsg)) + size = nlmsg_total_size(sizeof(struct nfgenmsg)) +
nla_total_size(NFT_TABLE_MAXNAMELEN) + nla_total_size(strlen(info->chain->table->name)) +
nla_total_size(NFT_CHAIN_MAXNAMELEN) + nla_total_size(NFT_CHAIN_MAXNAMELEN) +
nla_total_size_64bit(sizeof(__be64)) + /* rule handle */ nla_total_size_64bit(sizeof(__be64)) + /* rule handle */
nla_total_size(sizeof(__be32)) + /* trace type */ nla_total_size(sizeof(__be32)) + /* trace type */
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册