anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-07 21:25:12 +02:00
Code Issues Releases Wiki Activity

xt_pknock: cure NULL dereference

Browse Source 
The original patch for long division on x86 didn't take into account
the use of short circuit logic for checking if peer is NULL before
testing it. Here is a revised patch to v3.16.
This commit is contained in:
Andrew S. Johnson
2021-02-28 15:54:56 +01:00
committed by Jan Engelhardt
parent 3233a0ed2c
commit 42a9b5c6c3
1 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
extensions/pknock/xt_pknock.c
View File

@@ -311,9 +311,13 @@ static void update_rule_gc_timer(struct xt_pknock_rule *rule)
static inline bool
autoclose_time_passed(const struct peer *peer, unsigned int autoclose_time)
{
if (peer != NULL) {
unsigned long x = ktime_get_seconds();
unsigned long y = peer->login_sec + autoclose_time * 60;
return peer != NULL && autoclose_time != 0 && time_after(x, y);
return autoclose_time != 0 && time_after(x, y);
} else {
return 0;
}
}
/**
@@ -335,8 +339,12 @@ is_interknock_time_exceeded(const struct peer *peer, unsigned int max_time)
static inline bool
has_logged_during_this_minute(const struct peer *peer)
{
if (peer != NULL) {
unsigned long x = ktime_get_seconds(), y = peer->login_sec;
return peer != NULL && do_div(y, 60) == do_div(x, 60);
return do_div(y, 60) == do_div(x, 60);
} else {
return 0;
}
}
/**