anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-11 15:14:57 +02:00
Code Issues Releases Wiki Activity

pknock: avoid accidental deletion of rules

Browse Source 
If DEBUG was not defined, and no rule was effectively found, the
"rule" variable may still be non-NULL, and possibly cause deletion.
Therefore, always check for the rule having been found.
This commit is contained in:
Jan Engelhardt
2009-09-29 22:58:35 +02:00
parent 9928c864ab
commit 1de82a88a1
1 changed files with 2 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
extensions/xt_pknock.c
View File

@@ -451,9 +451,7 @@ remove_rule(struct ipt_pknock *info)
struct list_head *pos = NULL, *n = NULL; struct list_head *pos = NULL, *n = NULL;
struct peer *peer = NULL; struct peer *peer = NULL;
int i; int i;
#if DEBUG
int found = 0; int found = 0;
#endif
int hash = pknock_hash(info->rule_name, info->rule_name_len, int hash = pknock_hash(info->rule_name, info->rule_name_len,
ipt_pknock_hash_rnd, rule_hashsize); ipt_pknock_hash_rnd, rule_hashsize);
@@ -463,19 +461,17 @@ remove_rule(struct ipt_pknock *info)
rule = list_entry(pos, struct ipt_pknock_rule, head); rule = list_entry(pos, struct ipt_pknock_rule, head);
if (rulecmp(info, rule) == 0) { if (rulecmp(info, rule) == 0) {
#if DEBUG
found = 1; found = 1;
#endif
rule->ref_count--; rule->ref_count--;
break; break;
} }
} }
#if DEBUG
if (!found) { if (!found) {
#if DEBUG
printk(KERN_INFO PKNOCK "(N) rule not found: %s.\n", info->rule_name); printk(KERN_INFO PKNOCK "(N) rule not found: %s.\n", info->rule_name);
#endif
return; return;
} }
#endif
if (rule && rule->ref_count == 0) { if (rule && rule->ref_count == 0) {
hashtable_for_each_safe(pos, n, rule->peer_head, peer_hashsize, i) { hashtable_for_each_safe(pos, n, rule->peer_head, peer_hashsize, i) {
peer = list_entry(pos, struct peer, head); peer = list_entry(pos, struct peer, head);