Xtables-addons 3.18

xt_pknock: fix build failure under platforms like ARM 32-bit
./arch/arm/include/asm/div64.h:24:45: note: expected "uint64_t *" {aka "long long unsigned int *"} but argument is of type "long unsigned int *" 24 | static inline uint32_t __div64_32(uint64_t *n, uint32_t base)
2025-09-21 03:54:59 +02:00 · 2021-03-11 17:13:17 +01:00 · 2021-03-11 17:11:47 +01:00 · 2021-02-28 17:54:20 +01:00 · 2021-02-28 17:53:19 +01:00 · 2021-02-28 17:50:36 +01:00
4 changed files with 25 additions and 8 deletions
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([xtables-addons], [3.16])
+AC_INIT([xtables-addons], [3.18])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_MACRO_DIR([m4])
--- a/doc/changelog.txt
+++ b/doc/changelog.txt
@@ -1,3 +1,13 @@
+v3.18 (2021-03-11)
+==================
+- xt_pknock: fix a build failure on ARM 32-bit
+
+
+v3.17 (2021-02-28)
+==================
+- xt_pknock: cure a NULL deref
+
+
 v3.16 (2021-02-24)
 ==================
 - xt_pknock: build fix for ILP32 targets
--- a/extensions/pknock/xt_pknock.c
+++ b/extensions/pknock/xt_pknock.c
@@ -311,9 +311,12 @@ static void update_rule_gc_timer(struct xt_pknock_rule *rule)
 static inline bool
 autoclose_time_passed(const struct peer *peer, unsigned int autoclose_time)
 {
-	unsigned long x = ktime_get_seconds();
-	unsigned long y = peer->login_sec + autoclose_time * 60;
-	return peer != NULL && autoclose_time != 0 && time_after(x, y);
+	unsigned long x, y;
+	if (peer == NULL || autoclose_time == 0)
+		return false;
+	x = ktime_get_seconds();
+	y = peer->login_sec + autoclose_time * 60;
+	return time_after(x, y);
 }

 /**
@@ -335,8 +338,12 @@ is_interknock_time_exceeded(const struct peer *peer, unsigned int max_time)
 static inline bool
 has_logged_during_this_minute(const struct peer *peer)
 {
-	unsigned long x = ktime_get_seconds(), y = peer->login_sec;
-	return peer != NULL && do_div(y, 60) == do_div(x, 60);
+	uint64_t x, y;
+	if (peer == NULL)
+		return 0;
+	x = ktime_get_seconds();
+	y = peer->login_sec;
+	return do_div(y, 60) == do_div(x, 60);
 }

 /**
@@ -710,7 +717,7 @@ has_secret(const unsigned char *secret, unsigned int secret_len, uint32_t ipsrc,
 	unsigned int hexa_size;
 	int ret;
 	bool fret = false;
-	unsigned long x;
+	uint64_t x;
 	unsigned int epoch_min;

 	if (payload_len == 0)
--- a/xtables-addons.8.in
+++ b/xtables-addons.8.in
@@ -1,4 +1,4 @@
-.TH xtables-addons 8 "" "" "v3.16 (2021-02-24)"
+.TH xtables-addons 8 "" "" "v3.18 (2021-03-11)"
 .SH Name
 Xtables-addons \(em additional extensions for iptables, ip6tables, etc.
 .SH Targets
Author	SHA1	Message	Date
Jan Engelhardt	87189b0051	Xtables-addons 3.18	2021-03-11 17:13:17 +01:00
Jan Engelhardt	d3fb275c03	xt_pknock: fix build failure under platforms like ARM 32-bit ./arch/arm/include/asm/div64.h:24:45: note: expected "uint64_t " {aka "long long unsigned int "} but argument is of type "long unsigned int " 24 \| static inline uint32_t __div64_32(uint64_t n, uint32_t base)	2021-03-11 17:11:47 +01:00
Jan Engelhardt	9faa3085bb	Xtables-addons 3.17	2021-02-28 17:54:20 +01:00
Jan Engelhardt	947a677ddb	xt_pknock: reduce indent in the two most-recently touched functions	2021-02-28 17:53:19 +01:00
Andrew S. Johnson	42a9b5c6c3	xt_pknock: cure NULL dereference The original patch for long division on x86 didn't take into account the use of short circuit logic for checking if peer is NULL before testing it. Here is a revised patch to v3.16.	2021-02-28 17:50:36 +01:00