bugzilla-daemon at netfilter.org
2020-Aug-28 15:34 UTC
[Bug 1459] New: EMLINK error for NFT_GOTO
https://bugzilla.netfilter.org/show_bug.cgi?id=1459 Bug ID: 1459 Summary: EMLINK error for NFT_GOTO Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: kernel Assignee: pablo at netfilter.org Reporter: steve at opendium.com Created attachment 605 --> https://bugzilla.netfilter.org/attachment.cgi?id=605&action=edit Don't increment pctx->level when following gotos nft_immediate_validate() and nft_lookup_validate_setelem() treat NFT_GOTO and NFT_JUMP identically, incrementing pctx->level for both. This results in a -EMLINK ("Too many links") being unexpectedly returned for rulesets that use lots of gotos. Having looked at other parts of the code, I can't see a reason for incrementing the stack level for NFT_GOTO - it doesn't appear to use any real stack space. The attached patch fixes this problem. A couple of stylistic comments on the code, which I haven't attempted to fix: 1. ctx is passed as a const, but the constness is cast away, which isn't great practice. 2. ctx->level is modified, even though ctx is passed as a const, and in the case of an error the original value isn't restored. I'm guessing that the caller probably throws away ctx anyway, so this probably doesn't have any real-world implications, other than the potential for future bugs introduced by someone expecting const to mean const. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200828/9f44392c/attachment.html>
bugzilla-daemon at netfilter.org
2020-Aug-28 15:51 UTC
[Bug 1459] EMLINK error for NFT_GOTO
https://bugzilla.netfilter.org/show_bug.cgi?id=1459 Pablo Neira Ayuso <pablo at netfilter.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> --- Patch looks good, could you submit this to netfilter-devel at vger.kernel.org? Please add you Signed-off-by: tag to you patch See: https://www.kernel.org/doc/html/v4.17/process/submitting-patches.html#developer-s-certificate-of-origin-1-1 for more information. Thanks. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200828/0c14588a/attachment.html>
Reasonably Related Threads
- attachment sis + EMLINK (too many links) = segfault bug (2.2.12)
- link(2) EMLINK error behavior with --link-dest and --hard-links
- File Attachments for previous bug report
- Deprecated calls to bzero() and index() found in OpenSSH 6.1p1
- [Bug 915] New: segfault in error case : expr_evaluate_payload not checking payload->payload.desc being null