From 2036da41552f5e19d3de08e9bbe4d3bdfea761f0 Mon Sep 17 00:00:00 2001
From: Simon THOBY
Date: Wed, 20 Oct 2021 21:56:10 +0200
Subject: fix a few cases where we didn't sanitize properly pointers from libnftnl
---
 rustables/src/table.rs | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
(limited to 'rustables/src/table.rs')
diff --git a/rustables/src/table.rs b/rustables/src/table.rs
index dc09b5e..53a967f 100644
--- a/rustables/src/table.rs
+++ b/rustables/src/table.rs
@@ -35,10 +35,14 @@ impl Table {
 }
 /// Returns the name of this table.
- pub fn get_name(&self) -> &CStr {
+ pub fn get_name(&self) -> Option<&CStr> {
 unsafe {
 let ptr = sys::nftnl_table_get_str(self.table, sys::NFTNL_TABLE_NAME as u16);
- CStr::from_ptr(ptr)
+ if !ptr.is_null() {
+ Some(CStr::from_ptr(ptr))
+ } else {
+ None
+ }
 }
 }
@@ -66,10 +70,11 @@ impl Table {
 pub fn get_userdata(&self) -> Option<&CStr> {
 unsafe {
 let ptr = sys::nftnl_table_get_str(self.table, sys::NFTNL_TABLE_USERDATA as u16);
- if ptr == std::ptr::null() {
- return None;
+ if !ptr.is_null() {
+ Some(CStr::from_ptr(ptr))
+ } else {
+ None
 }
- Some(CStr::from_ptr(ptr))
 }
 }
-- cgit v1.2.3
From 0156ef5a8b0bdc8e07b8ac12e4c99d5047f1c9cc Mon Sep 17 00:00:00 2001
From: Simon THOBY
Date: Wed, 27 Oct 2021 19:54:58 +0200
Subject: fix: retrieving the name of a table or a chain cannot fail
---
 rustables/src/chain.rs | 18 ++++++++++--------
 rustables/src/rule.rs | 32 ++++++++++++++++++++------------
 rustables/src/set.rs | 4 +---
 rustables/src/table.rs | 8 ++++----
 4 files changed, 35 insertions(+), 27 deletions(-)
(limited to 'rustables/src/table.rs')
diff --git a/rustables/src/chain.rs b/rustables/src/chain.rs
index 3e28ab0..ac9c57d 100644
--- a/rustables/src/chain.rs
+++ b/rustables/src/chain.rs
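Review bot: The `unsafe` block around `CStr::from_ptr(ptr)` in the new `get_name` carries no `// SAFETY:` comment, and the same is true of the `get_userdata` hunk below and of the `get_name` hunks in the second commit on this page. The borrow returned by `CStr::from_ptr` is tied to `&self` by lifetime elision, so soundness rests on the string staying owned by the underlying nftnl table and not being freed or replaced while that borrow is alive, which only the rest of `impl Table` (outside this hunk) can guarantee, presumably by having every setter take `&mut self`. I would state that invariant in place: `// SAFETY: ptr is non-null (checked above), NUL-terminated, owned by self.table and not freed or replaced while &self is borrowed.` The doc comment `/// Returns the name of this table.` also no longer matches the `Option<&CStr>` return type; `/// Returns the name of this table, or `None` if libnftnl holds no name attribute for it.` would tell callers when `None` is produced.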
@@ -87,9 +87,11 @@ impl Chain {
 sys::NFTNL_CHAIN_FAMILY as u16,
 table.get_family() as u32,
 );
- if let Some(table_name) = table.get_name() {
- sys::nftnl_chain_set_str(chain, sys::NFTNL_CHAIN_TABLE as u16, table_name.as_ptr());
- }
+ sys::nftnl_chain_set_str(
+ chain,
+ sys::NFTNL_CHAIN_TABLE as u16,
+ table.get_name().as_ptr(),
+ );
 sys::nftnl_chain_set_str(chain, sys::NFTNL_CHAIN_NAME as u16, name.as_ref().as_ptr());
 Chain { chain, table }
 }
@@ -152,13 +154,13 @@ impl Chain {
 }
 /// Returns the name of this chain.
- pub fn get_name(&self) -> Option<&CStr> {
+ pub fn get_name(&self) -> &CStr {
 unsafe {
 let ptr = sys::nftnl_chain_get_str(self.chain, sys::NFTNL_CHAIN_NAME as u16);
- if !ptr.is_null() {
- Some(CStr::from_ptr(ptr))
+ if ptr.is_null() {
+ panic!("Impossible situation: retrieving the name of a chain failed")
 } else {
- None
+ CStr::from_ptr(ptr)
 }
 }
 }
@@ -269,7 +271,7 @@ pub fn get_chains_cb<'a>(
 }
 };
- if Some(table_name) != table.get_name() {
+ if table_name != table.get_name() {
 sys::nftnl_chain_free(chain);
 return mnl::mnl_sys::MNL_CB_OK;
 }
diff --git a/rustables/src/rule.rs b/rustables/src/rule.rs
index 7ab0de9..fcacf6a 100644
--- a/rustables/src/rule.rs
+++ b/rustables/src/rule.rs
@@ -24,12 +24,16 @@ impl Rule {
 sys::NFTNL_RULE_FAMILY as u16,
 chain.get_table().get_family() as u32,
 );
- if let Some(table_name) = chain.get_table().get_name() {
- sys::nftnl_rule_set_str(rule, sys::NFTNL_RULE_TABLE as u16, table_name.as_ptr());
- }
- if let Some(chain_name) = chain.get_name() {
- sys::nftnl_rule_set_str(rule, sys::NFTNL_RULE_CHAIN as u16, chain_name.as_ptr());
- }
+ sys::nftnl_rule_set_str(
+ rule,
+ sys::NFTNL_RULE_TABLE as u16,
+ chain.get_table().get_name().as_ptr(),
+ );
+ sys::nftnl_rule_set_str(
+ rule,
+ sys::NFTNL_RULE_CHAIN as u16,
+ chain.get_name().as_ptr(),
+ );
 Rule { rule, chain }
 }
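Review bot: The new `get_name` on `Chain` (second hunk of this file) turns what used to be a `None` into a `panic!` without the doc comment saying so; `/// Returns the name of this chain.` should gain a `# Panics` section stating that it panics if libnftnl returns no name for the chain. Whether that is really unreachable is less clear for chains produced by `get_chains_cb` (third hunk), which are filled from a parsed netlink reply rather than through the constructor in the first hunk, where `NFTNL_CHAIN_NAME` is always set; if libnftnl's parser tolerates a reply without a name attribute, the panic is reachable from the kernel side, so the message or a comment should make that origin obvious when triaging a crash. The same documentation point applies to the `get_name` hunk in `table.rs` at the end of this page. The constructor in the first hunk starts before the hunk, so I cannot see whether `name` is validated there.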
@@ -238,17 +242,21 @@ pub fn list_rules_for_chain(chain: &Rc) -> Result, crate::query
 return Err(crate::query::Error::NetlinkAllocationFailed);
 }
- if let Some(table_name) = chain.get_table().get_name() {
- sys::nftnl_rule_set_str(rule, sys::NFTNL_RULE_TABLE as u16, table_name.as_ptr());
- }
+ sys::nftnl_rule_set_str(
+ rule,
+ sys::NFTNL_RULE_TABLE as u16,
+ chain.get_table().get_name().as_ptr(),
+ );
 sys::nftnl_rule_set_u32(
 rule,
 sys::NFTNL_RULE_FAMILY as u16,
 chain.get_table().get_family() as u32,
 );
- if let Some(chain_name) = chain.get_name() {
- sys::nftnl_rule_set_str(rule, sys::NFTNL_RULE_CHAIN as u16, chain_name.as_ptr());
- }
+ sys::nftnl_rule_set_str(
+ rule,
+ sys::NFTNL_RULE_CHAIN as u16,
+ chain.get_name().as_ptr(),
+ );
 sys::nftnl_rule_nlmsg_build_payload(hdr, rule);
diff --git a/rustables/src/set.rs b/rustables/src/set.rs
index c099088..aef74db 100644
--- a/rustables/src/set.rs
+++ b/rustables/src/set.rs
@@ -42,9 +42,7 @@ impl<'a, K> Set<'a, K> {
 let set = try_alloc!(sys::nftnl_set_alloc());
 sys::nftnl_set_set_u32(set, sys::NFTNL_SET_FAMILY as u16, family as u32);
- if let Some(table_name) = table.get_name() {
- sys::nftnl_set_set_str(set, sys::NFTNL_SET_TABLE as u16, table_name.as_ptr());
- }
+ sys::nftnl_set_set_str(set, sys::NFTNL_SET_TABLE as u16, table.get_name().as_ptr());
 sys::nftnl_set_set_str(set, sys::NFTNL_SET_NAME as u16, name.as_ptr());
 sys::nftnl_set_set_u32(set, sys::NFTNL_SET_ID as u16, id);
diff --git a/rustables/src/table.rs b/rustables/src/table.rs
index 53a967f..7cc475f 100644
--- a/rustables/src/table.rs
+++ b/rustables/src/table.rs
@@ -35,13 +35,13 @@ impl Table {
 }
 /// Returns the name of this table.
- pub fn get_name(&self) -> Option<&CStr> {
+ pub fn get_name(&self) -> &CStr {
 unsafe {
 let ptr = sys::nftnl_table_get_str(self.table, sys::NFTNL_TABLE_NAME as u16);
- if !ptr.is_null() {
- Some(CStr::from_ptr(ptr))
+ if ptr.is_null() {
+ panic!("Impossible situation: retrieving the name of a chain failed")
 } else {
- None
+ CStr::from_ptr(ptr)
 }
 }
 }
-- cgit v1.2.3
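Review bot: The panic message added to `get_name` in `table.rs` says `retrieving the name of a chain failed` although this is the table accessor, so a crash report from here would point at the wrong type; it should read `panic!("Impossible situation: retrieving the name of a table failed")`. Since the previous `Option<&CStr>` signature made the missing-name case visible to callers and the new `&CStr` one does not, getting this message right is what a maintainer will rely on to tell a table failure from the identically worded chain one in `chain.rs`.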