improved error handling in parse_rule_nat()

Thomas Bernard 2020-06-07 20:58:25 +02:00
parent d41aceffb5
commit a7eeb5938f
No known key found for this signature in database
GPG Key ID: 0FF11B67A5C0863C
1 changed files with 24 additions and 10 deletions


@ -252,6 +252,7 @@ parse_rule_nat(struct nftnl_expr *e, rule_t *r)
{ {
uint32_t addr_min_reg, addr_max_reg, proto_min_reg, proto_max_reg; uint32_t addr_min_reg, addr_max_reg, proto_min_reg, proto_max_reg;
uint16_t proto_min_val; uint16_t proto_min_val;
uint32_t * reg_val_ptr;
r->type = RULE_NAT; r->type = RULE_NAT;
r->nat_type = nftnl_expr_get_u32(e, NFTNL_EXPR_NAT_TYPE); r->nat_type = nftnl_expr_get_u32(e, NFTNL_EXPR_NAT_TYPE);
@ -266,16 +267,26 @@ parse_rule_nat(struct nftnl_expr *e, rule_t *r)
log_error( "Unsupport proto/addr range for NAT"); log_error( "Unsupport proto/addr range for NAT");
} }
proto_min_val = htons((uint16_t)*get_reg_val_ptr(r, proto_min_reg)); reg_val_ptr = get_reg_val_ptr(r, proto_min_reg);
if (reg_val_ptr != NULL) {
proto_min_val = htons((uint16_t)*reg_val_ptr);
} else {
syslog(LOG_ERR, "%s: invalid proto_min_reg %u", proto_min_reg);
}
reg_val_ptr = get_reg_val_ptr(r, addr_min_reg);
if (reg_val_prtr != NULL) {
if (r->nat_type == NFT_NAT_DNAT) { if (r->nat_type == NFT_NAT_DNAT) {
r->iaddr = (in_addr_t)*get_reg_val_ptr(r, addr_min_reg); r->iaddr = (in_addr_t)*reg_val_ptr;
r->iport = proto_min_val; r->iport = proto_min_val;
} else if (r->nat_type == NFT_NAT_SNAT) { } else if (r->nat_type == NFT_NAT_SNAT) {
r->eaddr = (in_addr_t)*get_reg_val_ptr(r, addr_min_reg); r->eaddr = (in_addr_t)*reg_val_ptr;
if (proto_min_reg == NFT_REG_1) { if (proto_min_reg == NFT_REG_1) {
r->eport = proto_min_val; r->eport = proto_min_val;
} }
} }
} else {
syslog(LOG_ERR, "%s: invalid addr_min_reg %u", addr_min_reg);
}
set_reg(r, NFT_REG_1, RULE_REG_NONE, 0); set_reg(r, NFT_REG_1, RULE_REG_NONE, 0);
set_reg(r, NFT_REG_2, RULE_REG_NONE, 0); set_reg(r, NFT_REG_2, RULE_REG_NONE, 0);
@ -292,6 +303,10 @@ parse_rule_payload(struct nftnl_expr *e, rule_t *r)
offset = nftnl_expr_get_u32(e, NFTNL_EXPR_PAYLOAD_OFFSET); offset = nftnl_expr_get_u32(e, NFTNL_EXPR_PAYLOAD_OFFSET);
len = nftnl_expr_get_u32(e, NFTNL_EXPR_PAYLOAD_LEN); len = nftnl_expr_get_u32(e, NFTNL_EXPR_PAYLOAD_LEN);
regptr = get_reg_type_ptr(r, dreg); regptr = get_reg_type_ptr(r, dreg);
if (regptr == NULL) {
syslog(LOG_ERR, "%s: unsupported dreg %u", "parse_rule_payload", dreg);
return;
}
switch (base) { switch (base) {
case NFT_PAYLOAD_NETWORK_HEADER: case NFT_PAYLOAD_NETWORK_HEADER:
@ -448,9 +463,8 @@ parse_rule_cmp(struct nftnl_expr *e, rule_t *r)
} }
static int static int
rule_expr_cb(struct nftnl_expr *e, void *data) rule_expr_cb(struct nftnl_expr *e, rule_t *r)
{ {
rule_t *r = data;
const char *attr_name = nftnl_expr_get_str(e, NFTNL_EXPR_NAME); const char *attr_name = nftnl_expr_get_str(e, NFTNL_EXPR_NAME);
if (strncmp("cmp", attr_name, sizeof("cmp")) == 0) { if (strncmp("cmp", attr_name, sizeof("cmp")) == 0) {