qca-nss-ecm: avoid a memcpy overflow in ecm_db Reference: https://github.com/robimarko/nss-packages/pull/10/files qca-nss-ecm: fix nf_ct_net null pointer reference Fixed by xsm1997, massive thanks! It fixes a null pointer access which is introduced in previous qca-nss-ecm patches. Reference: https://github.com/bitthief/openwrt/issues/9
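--- a/frontends/nss/ecm_nss_ported_ipv4.c
+++ b/frontends/nss/ecm_nss_ported_ipv4.c
@@ -335,8 +335,12 @@ static void ecm_nss_ported_ipv4_connecti
 uint8_t dest_mac_xlate[ETH_ALEN];
 ecm_db_direction_t ecm_dir;
 ecm_front_end_acceleration_mode_t result_mode;
- struct net *net = nf_ct_net(ct);
- struct nf_tcp_net *tn = nf_tcp_pernet(net);
+ struct nf_tcp_net *tn;
+
+ if (ct) {
+ struct net *net = nf_ct_net(ct);
+ tn = nf_tcp_pernet(net);
+ }
 
 DEBUG_CHECK_MAGIC(feci, ECM_FRONT_END_CONNECTION_INSTANCE_MAGIC, "%px: magic failed", feci);
 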
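Review bot: `tn` is left uninitialized when `ct` is NULL, because the new declaration `struct nf_tcp_net *tn;` has no initializer and its only assignment sits inside `if (ct) { ... }`. Any later read of `tn` on the NULL-`ct` path would use an indeterminate pointer, which replaces the NULL dereference with undefined behaviour in kernel context. Declare it as `struct nf_tcp_net *tn = NULL;` and have each later use test `tn` (or `ct`) before dereferencing; those uses lie outside this hunk, so whether they are already guarded cannot be confirmed from here. The same pattern appears in the hunks for ecm_nss_ported_ipv6.c, ecm_sfe_ported_ipv4.c and ecm_sfe_ported_ipv6.c.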
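--- a/frontends/nss/ecm_nss_ported_ipv6.c
+++ b/frontends/nss/ecm_nss_ported_ipv6.c
@@ -340,8 +340,12 @@ static void ecm_nss_ported_ipv6_connecti
 ip_addr_t src_ip;
 ip_addr_t dest_ip;
 ecm_front_end_acceleration_mode_t result_mode;
- struct net *net = nf_ct_net(ct);
- struct nf_tcp_net *tn = nf_tcp_pernet(net);
+ struct nf_tcp_net *tn;
+
+ if (ct) {
+ struct net *net = nf_ct_net(ct);
+ tn = nf_tcp_pernet(net);
+ }
 
 DEBUG_CHECK_MAGIC(feci, ECM_FRONT_END_CONNECTION_INSTANCE_MAGIC, "%px: magic failed", feci);
 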
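--- a/frontends/sfe/ecm_sfe_ported_ipv4.c
+++ b/frontends/sfe/ecm_sfe_ported_ipv4.c
@@ -365,11 +365,15 @@ static void ecm_sfe_ported_ipv4_connecti
 uint8_t dest_mac_xlate[ETH_ALEN];
 ecm_db_direction_t ecm_dir;
 ecm_front_end_acceleration_mode_t result_mode;
- struct net *net = nf_ct_net(ct);
- struct nf_tcp_net *tn = nf_tcp_pernet(net);
+ struct nf_tcp_net *tn;
 uint32_t l2_accel_bits = (ECM_SFE_COMMON_FLOW_L2_ACCEL_ALLOWED | ECM_SFE_COMMON_RETURN_L2_ACCEL_ALLOWED);
 ecm_sfe_common_l2_accel_check_callback_t l2_accel_check;
 
+ if (ct) {
+ struct net *net = nf_ct_net(ct);
+ tn = nf_tcp_pernet(net);
+ }
+
 DEBUG_CHECK_MAGIC(feci, ECM_FRONT_END_CONNECTION_INSTANCE_MAGIC, "%px: magic failed", feci);
 
 /*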
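--- a/frontends/sfe/ecm_sfe_ported_ipv6.c
+++ b/frontends/sfe/ecm_sfe_ported_ipv6.c
@@ -369,11 +369,15 @@ static void ecm_sfe_ported_ipv6_connecti
 ip_addr_t src_ip;
 ip_addr_t dest_ip;
 ecm_front_end_acceleration_mode_t result_mode;
- struct net *net = nf_ct_net(ct);
- struct nf_tcp_net *tn = nf_tcp_pernet(net);
+ struct nf_tcp_net *tn;
 uint32_t l2_accel_bits = (ECM_SFE_COMMON_FLOW_L2_ACCEL_ALLOWED | ECM_SFE_COMMON_RETURN_L2_ACCEL_ALLOWED);
 ecm_sfe_common_l2_accel_check_callback_t l2_accel_check;
 
+ if (ct) {
+ struct net *net = nf_ct_net(ct);
+ tn = nf_tcp_pernet(net);
+ }
+
 DEBUG_CHECK_MAGIC(feci, ECM_FRONT_END_CONNECTION_INSTANCE_MAGIC, "%px: magic failed", feci);
 
 /*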