diff --git a/src/cache.c b/src/cache.c index 7c41e54..79a024f 100644 --- a/src/cache.c +++ b/src/cache.c @@ -34,7 +34,7 @@ struct cache_feature *cache_feature[CACHE_MAX_FEATURE] = { }; struct cache *cache_create(const char *name, enum cache_type type, - unsigned int features, + unsigned int features, struct cache_extra *extra, struct cache_ops *ops) { @@ -53,7 +53,8 @@ struct cache *cache_create(const char *name, enum cache_type type, return NULL; memset(c, 0, sizeof(struct cache)); - strcpy(c->name, name); + strncpy(c->name, name, CACHE_MAX_NAMELEN); + c->name[CACHE_MAX_NAMELEN - 1] = '\0'; c->type = type; for (i = 0; i < CACHE_MAX_FEATURE; i++) { diff --git a/src/cthelper.c b/src/cthelper.c index 6537515..54eb830 100644 --- a/src/cthelper.c +++ b/src/cthelper.c @@ -277,11 +277,11 @@ static int nfq_queue_cb(const struct nlmsghdr *nlh, void *data) if (!attr[NFQA_PAYLOAD]) { dlog(LOG_ERR, "packet with no payload"); - goto err; + goto err1; } if (!attr[NFQA_CT] || !attr[NFQA_CT_INFO]) { dlog(LOG_ERR, "no CT attached to this packet"); - goto err; + goto err1; } pkt = mnl_attr_get_payload(attr[NFQA_PAYLOAD]); @@ -292,22 +292,22 @@ static int nfq_queue_cb(const struct nlmsghdr *nlh, void *data) queue_num = ntohs(nfg->res_id); if (pkt_get(pkt, pktlen, ntohs(ph->hw_protocol), &protoff)) - goto err; + goto err1; ct = nfct_new(); if (ct == NULL) - goto err; + goto err1; if (nfct_payload_parse(mnl_attr_get_payload(attr[NFQA_CT]), mnl_attr_get_payload_len(attr[NFQA_CT]), l3num, ct) < 0) { dlog(LOG_ERR, "cannot convert message to CT"); - goto err; + goto err2; } myct = calloc(1, sizeof(struct myct)); if (myct == NULL) - goto err; + goto err2; myct->ct = ct; ctinfo = ntohl(mnl_attr_get_u32(attr[NFQA_CT_INFO])); @@ -315,15 +315,15 @@ static int nfq_queue_cb(const struct nlmsghdr *nlh, void *data) /* XXX: 256 bytes enough for possible NAT mangling in helpers? */ pktb = pktb_alloc(AF_INET, pkt, pktlen, 256); if (pktb == NULL) - goto err; + goto err3; /* Misconfiguration: if no helper found, accept the packet. */ helper = helper_run(pktb, protoff, myct, ctinfo, queue_num, &verdict); if (!helper) - goto err_pktb; + goto err4; if (pkt_verdict_issue(helper, myct, queue_num, id, verdict, pktb) < 0) - goto err_pktb; + goto err4; nfct_destroy(ct); if (myct->exp != NULL) @@ -333,18 +333,19 @@ static int nfq_queue_cb(const struct nlmsghdr *nlh, void *data) free(myct); return MNL_CB_OK; -err_pktb: +err4: pktb_free(pktb); -err: +err3: + free(myct); +err2: + nfct_destroy(ct); +err1: /* In case of error, we don't want to disrupt traffic. We accept all. * This is connection tracking after all. The policy is not to drop * packet unless we enter some inconsistent state. */ pkt_verdict_error(queue_num, id); - if (ct != NULL) - nfct_destroy(ct); - return MNL_CB_OK; } diff --git a/src/local.c b/src/local.c index 453799a..3395b4c 100644 --- a/src/local.c +++ b/src/local.c @@ -77,7 +77,7 @@ int do_local_server_step(struct local_server *server, void *data, int rfd; struct sockaddr_un local; socklen_t sin_size = sizeof(struct sockaddr_un); - + rfd = accept(server->fd, (struct sockaddr *) &local, &sin_size); if (rfd == -1) return -1; @@ -147,11 +147,14 @@ int do_local_request(int request, ret = send(fd, &request, sizeof(int), 0); if (ret == -1) - return -1; + goto err1; do_local_client_step(fd, step); local_client_destroy(fd); - + return 0; +err1: + local_client_destroy(fd); + return -1; } diff --git a/src/parse.c b/src/parse.c index f3ec6ac..919d36c 100644 --- a/src/parse.c +++ b/src/parse.c @@ -297,7 +297,7 @@ int msg2ct(struct nf_conntrack *ct, struct nethdr *net, size_t remain) return -1; if (attr->nta_len < NTA_LENGTH(0)) return -1; - if (attr->nta_attr > NTA_MAX) + if (attr->nta_attr >= NTA_MAX) return -1; if (h[attr->nta_attr].size && attr->nta_len != h[attr->nta_attr].size) @@ -510,7 +510,7 @@ int msg2exp(struct nf_expect *exp, struct nethdr *net, size_t remain) ATTR_NETWORK2HOST(attr); if (attr->nta_len > len) goto err; - if (attr->nta_attr > NTA_MAX) + if (attr->nta_attr >= NTA_EXP_MAX) goto err; if (attr->nta_len < NTA_LENGTH(0)) goto err; @@ -524,13 +524,15 @@ int msg2exp(struct nf_expect *exp, struct nethdr *net, size_t remain) attr = NTA_NEXT(attr, len); continue; } - switch(exp_h[attr->nta_attr].exp_attr) { + switch (exp_h[attr->nta_attr].exp_attr) { case ATTR_EXP_MASTER: exp_h[attr->nta_attr].parse(master, attr->nta_attr, NTA_DATA(attr)); + break; case ATTR_EXP_EXPECTED: exp_h[attr->nta_attr].parse(expected, attr->nta_attr, NTA_DATA(attr)); + break; case ATTR_EXP_MASK: exp_h[attr->nta_attr].parse(mask, attr->nta_attr, NTA_DATA(attr)); diff --git a/src/process.c b/src/process.c index 7f0a395..3ddad5f 100644 --- a/src/process.c +++ b/src/process.c @@ -48,6 +48,8 @@ int fork_process_new(int type, int flags, void (*cb)(void *data), void *data) if (c->pid > 0) list_add(&c->head, &process_list); + else + free(c); return pid; } diff --git a/src/tcp.c b/src/tcp.c index af27c46..e570880 100644 --- a/src/tcp.c +++ b/src/tcp.c @@ -247,13 +247,11 @@ int tcp_accept(struct tcp_sock *m) /* the other peer wants to connect ... */ ret = accept(m->fd, NULL, NULL); if (ret == -1) { - if (errno != EAGAIN) { - /* unexpected error. Give us another try. */ - m->state = TCP_SERVER_ACCEPTING; - } else { - /* waiting for new connections. */ - m->state = TCP_SERVER_ACCEPTING; - } + /* unexpected error: Give us another try. Or we have hit + * -EAGAIN, in that case we remain in the accepting connections + * state. + */ + m->state = TCP_SERVER_ACCEPTING; } else { /* the peer finally got connected. */ if (fcntl(ret, F_SETFL, O_NONBLOCK) == -1) {