Xtables-addons 3.17

xt_pknock: reduce indent in the two most-recently touched functions
xt_pknock: cure NULL dereference
2025-09-20 19:44:56 +02:00 · 2021-02-28 17:54:20 +01:00 · 2021-02-28 17:53:19 +01:00 · 2021-02-28 17:50:36 +01:00 · 2021-02-24 01:16:22 +01:00 · 2021-02-24 01:12:28 +01:00
5 changed files with 26 additions and 8 deletions
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([xtables-addons], [3.15])
+AC_INIT([xtables-addons], [3.17])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_MACRO_DIR([m4])
--- a/doc/changelog.txt
+++ b/doc/changelog.txt
@@ -1,3 +1,11 @@
+v3.17 (2021-02-28)
+==================
+- xt_pknock: cure a NULL deref
+
+
+v3.16 (2021-02-24)
+==================
+- xt_pknock: build fix for ILP32 targets


 v3.15 (2021-02-05)
--- a/extensions/libxt_quota2.c
+++ b/extensions/libxt_quota2.c
@@ -70,7 +70,7 @@ quota_mt2_parse(int c, char **argv, int invert, unsigned int *flags,
 		/* zero termination done on behalf of the kernel module */
 		xtables_param_act(XTF_ONLY_ONCE, "quota", "--name", *flags & FL_NAME);
 		xtables_param_act(XTF_NO_INVERT, "quota", "--name", invert);
-		strncpy(info->name, optarg, sizeof(info->name));
+		snprintf(info->name, sizeof(info->name), "%s", optarg);
 		*flags |= FL_NAME;
 		return true;
 	case 'p':
--- a/extensions/pknock/xt_pknock.c
+++ b/extensions/pknock/xt_pknock.c
@@ -311,9 +311,12 @@ static void update_rule_gc_timer(struct xt_pknock_rule *rule)
 static inline bool
 autoclose_time_passed(const struct peer *peer, unsigned int autoclose_time)
 {
-	unsigned long x = ktime_get_seconds();
-	unsigned long y = peer->login_sec + autoclose_time * 60;
-	return peer != NULL && autoclose_time != 0 && time_after(x, y);
+	unsigned long x, y;
+	if (peer == NULL || autoclose_time == 0)
+		return false;
+	x = ktime_get_seconds();
+	y = peer->login_sec + autoclose_time * 60;
+	return time_after(x, y);
 }

 /**
@@ -335,7 +338,12 @@ is_interknock_time_exceeded(const struct peer *peer, unsigned int max_time)
 static inline bool
 has_logged_during_this_minute(const struct peer *peer)
 {
-	return peer != NULL && peer->login_sec / 60 == ktime_get_seconds() / 60;
+	unsigned long x, y;
+	if (peer == NULL)
+		return 0;
+	x = ktime_get_seconds();
+	y = peer->login_sec;
+	return do_div(y, 60) == do_div(x, 60);
 }

 /**
@@ -709,6 +717,7 @@ has_secret(const unsigned char *secret, unsigned int secret_len, uint32_t ipsrc,
 	unsigned int hexa_size;
 	int ret;
 	bool fret = false;
+	unsigned long x;
 	unsigned int epoch_min;

 	if (payload_len == 0)
@@ -727,7 +736,8 @@ has_secret(const unsigned char *secret, unsigned int secret_len, uint32_t ipsrc,
 	hexresult = kzalloc(hexa_size, GFP_ATOMIC);
 	if (hexresult == NULL)
 		return false;
-	epoch_min = ktime_get_seconds() / 60;
+	x = ktime_get_seconds();
+	epoch_min = do_div(x, 60);

 	ret = crypto_shash_setkey(crypto.tfm, secret, secret_len);
 	if (ret != 0) {
--- a/xtables-addons.8.in
+++ b/xtables-addons.8.in
@@ -1,4 +1,4 @@
-.TH xtables-addons 8 "" "Caketime" "v3.15 (2021-02-05)"
+.TH xtables-addons 8 "" "" "v3.17 (2021-02-28)"
 .SH Name
 Xtables-addons \(em additional extensions for iptables, ip6tables, etc.
 .SH Targets
Author	SHA1	Message	Date
Jan Engelhardt	9faa3085bb	Xtables-addons 3.17	2021-02-28 17:54:20 +01:00
Jan Engelhardt	947a677ddb	xt_pknock: reduce indent in the two most-recently touched functions	2021-02-28 17:53:19 +01:00
Andrew S. Johnson	42a9b5c6c3	xt_pknock: cure NULL dereference The original patch for long division on x86 didn't take into account the use of short circuit logic for checking if peer is NULL before testing it. Here is a revised patch to v3.16.	2021-02-28 17:50:36 +01:00
Jan Engelhardt	3233a0ed2c	Xtables-addons 3.16	2021-02-24 01:16:22 +01:00
Jan Engelhardt	97808473f9	xt_quota2: silence a compiler warning libxt_quota2.c:73:3: warning: ‘strncpy’ specified bound 15 equals destination size [-Wstringop-truncation] 73 \| strncpy(info->name, optarg, sizeof(info->name));	2021-02-24 01:12:28 +01:00
Andrew S. Johnson	3aa4ca3eaf	xt_pknock: use do_div for long division	2021-02-24 01:10:18 +01:00