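--- a/head/sys/netpfil/ipfw/ip_fw_table.c
+++ b/head/sys/netpfil/ipfw/ip_fw_table.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 2004 Ruslan Ermilov and Vsevolod Lobko.
  * Copyright (c) 2014 Yandex LLC
  * Copyright (c) 2014 Alexander V. Chernikov
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -21,17 +21,17 @@
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 
 #include <sys/cdefs.h>
-__FBSDID("$FreeBSD: head/sys/netpfil/ipfw/ip_fw_table.c 282521 2015-05-06 07:53:43Z melifaro $");
+__FBSDID("$FreeBSD: head/sys/netpfil/ipfw/ip_fw_table.c 290332 2015-11-03 10:29:46Z ae $");
 
 /*
  * Lookup table support for ipfw.
  *
  * This file contains handlers for all generic tables' operations:
  * add/del/flush entries, list/dump tables etc..
  *
  * Table data modification is protected by both UH and runtime lock
@@ -110,16 +110,17 @@
 static void export_table_info(struct ip_fw_chain *ch, struct table_config *tc,
  ipfw_xtable_info *i);
 static int dump_table_tentry(void *e, void *arg);
 static int dump_table_xentry(void *e, void *arg);
 
 static int swap_tables(struct ip_fw_chain *ch, struct tid_info *a,
  struct tid_info *b);
 
+static int check_table_name(const char *name);
 static int check_table_space(struct ip_fw_chain *ch, struct tableop_state *ts,
  struct table_config *tc, struct table_info *ti, uint32_t count);
 static int destroy_table(struct ip_fw_chain *ch, struct tid_info *ti);
 
 static struct table_algo *find_table_algo(struct tables_config *tableconf,
  struct tid_info *ti, char *name);
 
 static void objheader_to_ti(struct _ipfw_obj_header *oh, struct tid_info *ti);
@@ -1789,17 +1790,17 @@
  oh = (struct _ipfw_obj_header *)sd->kbuf;
  i = (ipfw_xtable_info *)(oh + 1);
 
  /*
  * Verify user-supplied strings.
  * Check for null-terminated/zero-length strings/
  */
  tname = oh->ntlv.name;
- if (ipfw_check_table_name(tname) != 0)
+ if (check_table_name(tname) != 0)
  return (EINVAL);
 
  objheader_to_ti(oh, &ti);
  ti.type = i->type;
 
  IPFW_UH_WLOCK(ch);
  ni = CHAIN_TO_NI(ch);
  if ((tc = find_table(ni, &ti)) == NULL) {
@@ -1846,17 +1847,17 @@
  i = (ipfw_xtable_info *)(oh + 1);
 
  /*
  * Verify user-supplied strings.
  * Check for null-terminated/zero-length strings/
  */
  tname = oh->ntlv.name;
  aname = i->algoname;
- if (ipfw_check_table_name(tname) != 0 ||
+ if (check_table_name(tname) != 0 ||
  strnlen(aname, sizeof(i->algoname)) == sizeof(i->algoname))
  return (EINVAL);
 
  if (aname[0] == '\0') {
  /* Use default algorithm */
  aname = NULL;
  }
 
@@ -2910,35 +2911,24 @@
 
 /*
  * Checks table name for validity.
  * Enforce basic length checks, the rest
  * should be done in userland.
  *
  * Returns 0 if name is considered valid.
  */
-int
-ipfw_check_table_name(char *name)
+static int
+check_table_name(const char *name)
 {
- int nsize;
- ipfw_obj_ntlv *ntlv = NULL;
 
- nsize = sizeof(ntlv->name);
-
- if (strnlen(name, nsize) == nsize)
- return (EINVAL);
-
- if (name[0] == '\0')
- return (EINVAL);
-
  /*
  * TODO: do some more complicated checks
  */
-
- return (0);
+ return (ipfw_check_object_name_generic(name));
 }
 
 /*
  * Find tablename TLV by @uid.
  * Check @tlvs for valid data inside.
  *
  * Returns pointer to found TLV or NULL.
  */
@@ -2960,17 +2950,17 @@
  return (NULL);
 
  if (ntlv->head.type != IPFW_TLV_TBL_NAME)
  continue;
 
  if (ntlv->idx != uidx)
  continue;
 
- if (ipfw_check_table_name(ntlv->name) != 0)
+ if (check_table_name(ntlv->name) != 0)
  return (NULL);
 
  return (ntlv);
  }
 
  return (NULL);
 }
 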
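Review bot: The comments around `check_table_name()` no longer match its body: the `TODO: do some more complicated checks` block now sits inside a one-line wrapper, and the header comment still says this function enforces the length checks itself. The removed lines bounded `strnlen()` by `sizeof(ntlv->name)` and rejected an empty name. The body of `ipfw_check_object_name_generic()` is not visible on this page, so it should be confirmed that it applies the same bound, because the callers pass `oh->ntlv.name` and `ntlv->name` taken from the user-supplied request buffer. I would drop the TODO and reword the header comment to `Checks table name for validity by delegating to ipfw_check_object_name_generic(); empty or unterminated names must be rejected there.`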