netfilter buglog - Jan 2014 - [Bug 890] New: Bug in ulogd_filter_IP2BIN

https://bugzilla.netfilter.org/show_bug.cgi?id=890

           Summary: Bug in ulogd_filter_IP2BIN
           Product: ulogd
           Version: SVN (please provide timestamp)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P5
         Component: ulogd_MYSQL
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: etmsys at rit.edu
   Estimated Hours: 0.0


Created attachment 434
  --> https://bugzilla.netfilter.org/attachment.cgi?id=434
Patch to ulogd_filter_IP2BIN.c

A bug in the IP2BIN filter would cause the reply_ip_daddr to be NULL when added
to MySQL.  Since it appears only MySQL uses this, it would affect the MYSQL
output plugin.  I compared IP2BIN to IP2STR and found one difference. I applied
this patch and it resolved the issue (attachment too):



--- ulogd-2.0.3.orig/filter/ulogd_filter_IP2BIN.c       2013-06-18
16:52:50.269920891 -0400
+++ ulogd-2.0.3/filter/ulogd_filter_IP2BIN.c    2014-01-29 10:49:37.641807142
-0500
@@ -205,7 +205,7 @@
        int fret;

        /* Iter on all addr fields */
-       for(i = START_KEY; i < MAX_KEY; i++) {
+       for(i = START_KEY; i <= MAX_KEY; i++) {
                if (pp_is_valid(inp, i)) {
                        fret = ip2bin(inp, i, i-START_KEY);
                        if (fret != ULOGD_IRET_OK)

-- 
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

https://bugzilla.netfilter.org/show_bug.cgi?id=890

Bart Mermuys <bmermuys at hotmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bmermuys at hotmail.com

--- Comment #1 from Bart Mermuys <bmermuys at hotmail.com> 2014-05-14
19:49:41 CEST ---

The bug is larger than mentioned by the original poster.

1) It applies to IP2BIN but also to HWHDR, IP2HBIN and IP2STR.

2) In some files it's a for condition that's wrong but in some it's
(also) an
incorrectly sized array.


==Signed-off-by: Bart Mermuys <bart.mermuys at gmail.com>

---
 filter/ulogd_filter_HWHDR.c   |    2 +-
 filter/ulogd_filter_IP2BIN.c  |    4 ++--
 filter/ulogd_filter_IP2HBIN.c |    2 +-
 filter/ulogd_filter_IP2STR.c  |    2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/filter/ulogd_filter_HWHDR.c b/filter/ulogd_filter_HWHDR.c
index 3b095c9..749bc50 100644
--- a/filter/ulogd_filter_HWHDR.c
+++ b/filter/ulogd_filter_HWHDR.c
@@ -109,7 +109,7 @@ static struct ulogd_key mac2str_keys[] = {
     },
 };

-static char hwmac_str[MAX_KEY - START_KEY][HWADDR_LENGTH];
+static char hwmac_str[MAX_KEY - START_KEY+1][HWADDR_LENGTH];

 static int parse_mac2str(struct ulogd_key *ret, unsigned char *mac,
              int okey, int len)
diff --git a/filter/ulogd_filter_IP2BIN.c b/filter/ulogd_filter_IP2BIN.c
index e47eeaf..95db8b0 100644
--- a/filter/ulogd_filter_IP2BIN.c
+++ b/filter/ulogd_filter_IP2BIN.c
@@ -114,7 +114,7 @@ static struct ulogd_key ip2bin_keys[] = {

 };

-static char ipbin_array[MAX_KEY-START_KEY][IPADDR_LENGTH];
+static char ipbin_array[MAX_KEY-START_KEY+1][IPADDR_LENGTH];

 /**
  * Convert IPv4 address (as 32-bit unsigned integer) to IPv6 address:
@@ -205,7 +205,7 @@ static int interp_ip2bin(struct ulogd_pluginstance *pi)
     int fret;

     /* Iter on all addr fields */
-    for(i = START_KEY; i < MAX_KEY; i++) {
+    for(i = START_KEY; i <= MAX_KEY; i++) {
         if (pp_is_valid(inp, i)) {
             fret = ip2bin(inp, i, i-START_KEY);
             if (fret != ULOGD_IRET_OK)
diff --git a/filter/ulogd_filter_IP2HBIN.c b/filter/ulogd_filter_IP2HBIN.c
index 4fd3ff1..564424f 100644
--- a/filter/ulogd_filter_IP2HBIN.c
+++ b/filter/ulogd_filter_IP2HBIN.c
@@ -153,7 +153,7 @@ static int interp_ip2hbin(struct ulogd_pluginstance *pi)
     }

     /* Iter on all addr fields */
-    for(i = START_KEY; i < MAX_KEY; i++) {
+    for(i = START_KEY; i <= MAX_KEY; i++) {
         if (pp_is_valid(inp, i)) {
             switch (convfamily) {
             case AF_INET:
diff --git a/filter/ulogd_filter_IP2STR.c b/filter/ulogd_filter_IP2STR.c
index 732e1ef..5880a2c 100644
--- a/filter/ulogd_filter_IP2STR.c
+++ b/filter/ulogd_filter_IP2STR.c
@@ -137,7 +137,7 @@ static struct ulogd_key ip2str_keys[] = {
     },
 };

-static char ipstr_array[MAX_KEY-START_KEY][IPADDR_LENGTH];
+static char ipstr_array[MAX_KEY-START_KEY+1][IPADDR_LENGTH];

 static int ip2str(struct ulogd_key *inp, int index, int oindex)
 {
-- 
1.7.9.5

-- 
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

https://bugzilla.netfilter.org/show_bug.cgi?id=890

Bart Mermuys <bmermuys at hotmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #434 is|0                           |1
           obsolete|                            |

--- Comment #2 from Bart Mermuys <bmermuys at hotmail.com> 2014-05-14
19:53:40 CEST ---
Created attachment 443
  --> https://bugzilla.netfilter.org/attachment.cgi?id=443
Patch for ip2bin, hwhdr, ip2str, ip2hbin filters

-- 
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.