Re: 2.4.0+ipchains+sparc 450= CRASH!
Rusty Russell writes: > Oops. Thanks to Anton for testing and touching up this patch. > > The 2.0/2.2 setsockopt code used to do the copy_from_user for you... I've applied this to my tree, thanks a lot. Later, David S. Miller [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] Please read the FAQ at http://www.tux.org/lkml/
Re: 2.4.0+ipchains+sparc 450= CRASH!
In message <01013014063301.15042@Petete> you write:
> I use kernel 2.4.0 + ipchains compatibilty. I use ipchains 1.3.9
>
> This code:
>
> ipchains -A input -p tcp --dport 80 -s 192.168.0.35 -j REDIRECT 81
Oops. Thanks to Anton for testing and touching up this patch.
The 2.0/2.2 setsockopt code used to do the copy_from_user for you...
Rusty.
PS. No security worries, as you need CAP_NET_ADMIN for this...
--
Premature optmztion is rt of all evl. --DK
diff -ru --exclude-from=exclude linux/net/ipv4/netfilter/ip_fw_compat.c
linux_work/net/ipv4/netfilter/ip_fw_compat.c
--- linux/net/ipv4/netfilter/ip_fw_compat.c Wed Jan 31 14:47:42 2001
+++ linux_work/net/ipv4/netfilter/ip_fw_compat.cWed Jan 31 14:43:23 2001
@@ -9,6 +9,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -198,14 +199,28 @@
return NF_ACCEPT;
}
-extern int ip_fw_ctl(int optval, void *user, unsigned int len);
+extern int ip_fw_ctl(int optval, void *m, unsigned int len);
static int sock_fn(struct sock *sk, int optval, void *user, unsigned int len)
{
+ /* MAX of:
+ 2.2: sizeof(struct ip_fwtest) (~14x4 + 3x4 = 17x4)
+ 2.2: sizeof(struct ip_fwnew) (~1x4 + 15x4 + 3x4 + 3x4 = 22x4)
+ 2.0: sizeof(struct ip_fw) (~25x4)
+
+ We can't include both 2.0 and 2.2 headers, they conflict.
+ Hence, 200 is a good number. --RR */
+ char tmp_fw[200];
if (!capable(CAP_NET_ADMIN))
return -EPERM;
- return -ip_fw_ctl(optval, user, len);
+ if (len > sizeof(tmp_fw) || len < 1)
+ return -EINVAL;
+
+ if (copy_from_user(&tmp_fw, user, len))
+ return -EFAULT;
+
+ return -ip_fw_ctl(optval, &tmp_fw, len);
}
static struct nf_hook_ops preroute_ops
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
2.4.0+ipchains+sparc 450= CRASH!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have read and applied /usr/src/linux-2.4.0/Documentation/Changes in this machine, but...it does not work <> <> Sun UltraSparc 450, 1 hd scsi, 512 mb ram, kernel 2.4.0, debian woody, kernel 2.4.0 I use kernel 2.4.0 + ipchains compatibilty. I use ipchains 1.3.9 This code: ipchains -A input -p tcp --dport 80 -s 192.168.0.35 -j REDIRECT 81 CRASHES the machine! No response to pings, no network activity, no console prompt response, NOTHING. And /var/log/messages does not say nothing about the problem... But if I do the same sentence it with 2.2.18 or with iptables in 2.4.0, works ok :-( <> <> If you need more info, please reply this e-mail - -- Javier Miguel Rodríguez.(GUFO) Administrador de Sistemas Futura Interactiva Powered by Linux 2.4.0 www.futurainteractiva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjp2yokACgkQnLdfr0FC/yIWtgCgp4A7PJ7olIfy6n48blg5eq5D fuQAnjd3Wz7i63QsOvEjQaVu/3xYi/h9 =qZPy -END PGP SIGNATURE- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] Please read the FAQ at http://www.tux.org/lkml/
