netfilter: xtables: avoid BUG_ON
I see no reason for them, label or timer cannot be NULL, and if they were, we'll crash with null deref anyway.

For skb_header_pointer failure, just set hotdrop to true and toss such packet.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

hifive-unleashed-5.1
parent
fa5950e498
commit
70c0eb1ca0
|
@ -65,7 +65,10 @@ ipv6header_mt6(const struct sk_buff *skb, struct xt_action_param *par)
|
||||||
}
|
}
|
||||||
|
|
||||||
hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
|
hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
|
||||||
BUG_ON(hp == NULL);
|
if (!hp) {
|
||||||
|
par->hotdrop = true;
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
/* Calculate the header length */
|
/* Calculate the header length */
|
||||||
if (nexthdr == NEXTHDR_FRAGMENT)
|
if (nexthdr == NEXTHDR_FRAGMENT)
|
||||||
|
|
|
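Review bot: The new `if (!hp)` branch in ipv6header_mt6 sets `par->hotdrop` without a comment explaining why a failed skb_header_pointer() should discard the packet rather than simply not match. The rationale is given only in the commit message, so a later reader of the file cannot tell a deliberate drop policy from a leftover. A one-line comment above the branch would record it, for example `/* extension header not fully present in the skb: drop instead of matching on partial data */`. The function body starts and ends outside this hunk, so whether an earlier length check already makes this branch unreachable cannot be confirmed from here.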
@ -137,7 +137,10 @@ static bool rt_mt6(const struct sk_buff *skb, struct xt_action_param *par)
|
||||||
sizeof(_addr),
|
sizeof(_addr),
|
||||||
&_addr);
|
&_addr);
|
||||||
|
|
||||||
BUG_ON(ap == NULL);
|
if (ap == NULL) {
|
||||||
|
par->hotdrop = true;
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
if (ipv6_addr_equal(ap, &rtinfo->addrs[i])) {
|
if (ipv6_addr_equal(ap, &rtinfo->addrs[i])) {
|
||||||
pr_debug("i=%d temp=%d;\n", i, temp);
|
pr_debug("i=%d temp=%d;\n", i, temp);
|
||||||
|
@ -166,7 +169,10 @@ static bool rt_mt6(const struct sk_buff *skb, struct xt_action_param *par)
|
||||||
+ temp * sizeof(_addr),
|
+ temp * sizeof(_addr),
|
||||||
sizeof(_addr),
|
sizeof(_addr),
|
||||||
&_addr);
|
&_addr);
|
||||||
BUG_ON(ap == NULL);
|
if (ap == NULL) {
|
||||||
|
par->hotdrop = true;
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
if (!ipv6_addr_equal(ap, &rtinfo->addrs[temp]))
|
if (!ipv6_addr_equal(ap, &rtinfo->addrs[temp]))
|
||||||
break;
|
break;
|
||||||
|
|
|
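Review bot: The same four-line guard is added twice in rt_mt6, in the hunks at -137 and -166, and both are spelled `if (ap == NULL) {` while the equivalent guard added to ipv6header_mt6 in this commit is `if (!hp) {`. Kernel coding style prefers the short form, so `if (!ap) {` in both places would keep the three new checks uniform. It would also help to say once why a truncated address list is dropped rather than treated as a non-match, for example with `/* address not fully present in the skb: drop */` above the first guard. rt_mt6 starts and ends outside both hunks, so the bounds applied to `i` and `temp` before these lookups are not visible here.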
@ -68,8 +68,6 @@ struct idletimer_tg *__idletimer_tg_find_by_label(const char *label)
|
||||||
{
|
{
|
||||||
struct idletimer_tg *entry;
|
struct idletimer_tg *entry;
|
||||||
|
|
||||||
BUG_ON(!label);
|
|
||||||
|
|
||||||
list_for_each_entry(entry, &idletimer_tg_list, entry) {
|
list_for_each_entry(entry, &idletimer_tg_list, entry) {
|
||||||
if (!strcmp(label, entry->attr.attr.name))
|
if (!strcmp(label, entry->attr.attr.name))
|
||||||
return entry;
|
return entry;
|
||||||
|
@ -172,8 +170,6 @@ static unsigned int idletimer_tg_target(struct sk_buff *skb,
|
||||||
pr_debug("resetting timer %s, timeout period %u\n",
|
pr_debug("resetting timer %s, timeout period %u\n",
|
||||||
info->label, info->timeout);
|
info->label, info->timeout);
|
||||||
|
|
||||||
BUG_ON(!info->timer);
|
|
||||||
|
|
||||||
mod_timer(&info->timer->timer,
|
mod_timer(&info->timer->timer,
|
||||||
msecs_to_jiffies(info->timeout * 1000) + jiffies);
|
msecs_to_jiffies(info->timeout * 1000) + jiffies);
|
||||||
|
|
||||||
|
|
|
@ -35,8 +35,6 @@ secmark_tg(struct sk_buff *skb, const struct xt_action_param *par)
|
||||||
u32 secmark = 0;
|
u32 secmark = 0;
|
||||||
const struct xt_secmark_target_info *info = par->targinfo;
|
const struct xt_secmark_target_info *info = par->targinfo;
|
||||||
|
|
||||||
BUG_ON(info->mode != mode);
|
|
||||||
|
|
||||||
switch (mode) {
|
switch (mode) {
|
||||||
case SECMARK_MODE_SEL:
|
case SECMARK_MODE_SEL:
|
||||||
secmark = info->secid;
|
secmark = info->secid;
|
||||||
|
|