ipset: Updated to 6.32

release/src-rt-6.x.4708/router/ipset/ChangeLog

@@ -1,3 +1,8 @@
+6.32
+  - Fix possible truncated output in ipset output buffer handling
+    (Reported by Omri Bahumi and Yoni Lavi).
+  - Missing prototype added in ipset_hash_ipmac.c (debugging)
+
 6.31
   - Update manpage about the size parameter of list:set types.
   - New test to verify that only the intended entries are deleted at hash

release/src-rt-6.x.4708/router/ipset/configure.ac

@@ -1,5 +1,5 @@
 dnl Boilerplate
-AC_INIT([ipset], [6.31], [kadlec@blackhole.kfki.hu])
+AC_INIT([ipset], [6.32], [kadlec@blackhole.kfki.hu])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CANONICAL_HOST
 AC_CONFIG_MACRO_DIR([m4])
@@ -9,6 +9,8 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
 
 AC_ENABLE_STATIC
 LT_INIT([dlopen])
+LT_CONFIG_LTDL_DIR([libltdl])
+LTDL_INIT([nonrecursive])
 
 PKG_PROG_PKG_CONFIG
 

release/src-rt-6.x.4708/router/ipset/lib/ipset_hash_ipmac.c

@@ -159,6 +159,7 @@ static struct ipset_type ipset_hash_ipmac0 = {
 	.description = "Initial revision",
 };
 
+void _init(void);
 void _init(void)
 {
 	ipset_type_add(&ipset_hash_ipmac0);

release/src-rt-6.x.4708/router/ipset/lib/print.c

@@ -31,7 +31,7 @@
 #define SNPRINTF_FAILURE(size, len, offset)			\
 do {								\
 	if (size < 0 || (unsigned int) size >= len)		\
-		return size;					\
+		return offset + size;				\
 	offset += size;						\
 	len -= size;						\
 } while (0)

release/src-rt-6.x.4708/router/ipset/lib/session.c

@@ -706,33 +706,47 @@ call_outfn(struct ipset_session *session)
 /* Handle printing failures */
 static jmp_buf printf_failure;
 
-static int __attribute__((format(printf, 2, 3)))
-safe_snprintf(struct ipset_session *session, const char *fmt, ...)
+static int
+handle_snprintf_error(struct ipset_session *session,
+		      int len, int ret, int loop)
 {
-	va_list args;
-	int len, ret, loop = 0;
-
-retry:
-	len = strlen(session->outbuf);
-	D("len: %u, retry %u", len, loop);
-	va_start(args, fmt);
-	ret = vsnprintf(session->outbuf + len, IPSET_OUTBUFLEN - len,
-			fmt, args);
-	va_end(args);
-
 	if (ret < 0 || ret >= IPSET_OUTBUFLEN - len) {
 		/* Buffer was too small, push it out and retry */
-		D("print buffer and try again: %u", len);
-		if (loop++) {
+		D("print buffer and try again: len: %u, ret: %d", len, ret);
+		if (loop) {
 			ipset_err(session,
 				"Internal error at printing, loop detected!");
 			longjmp(printf_failure, 1);
 		}
 
 		session->outbuf[len] = '\0';
-		if (!call_outfn(session))
-			goto retry;
+		if (call_outfn(session)) {
+			ipset_err(session,
+				"Internal error, could not print output buffer!");
+			longjmp(printf_failure, 1);
+		}
+		return 1;
 	}
+	return 0;
+}
+
+static int __attribute__((format(printf, 2, 3)))
+safe_snprintf(struct ipset_session *session, const char *fmt, ...)
+{
+	va_list args;
+	int len, ret, loop = 0;
+
+	do {
+		len = strlen(session->outbuf);
+		D("len: %u, retry %u", len, loop);
+		va_start(args, fmt);
+		ret = vsnprintf(session->outbuf + len,
+				IPSET_OUTBUFLEN - len,
+				fmt, args);
+		va_end(args);
+		loop = handle_snprintf_error(session, len, ret, loop);
+	} while (loop);
+
 	return ret;
 }
 
@@ -742,25 +756,14 @@ safe_dprintf(struct ipset_session *session, ipset_printfn fn,
 {
 	int len, ret, loop = 0;
 
-retry:
-	len = strlen(session->outbuf);
-	D("len: %u, retry %u", len, loop);
-	ret = fn(session->outbuf + len, IPSET_OUTBUFLEN - len,
-		 session->data, opt, session->envopts);
-
-	if (ret < 0 || ret >= IPSET_OUTBUFLEN - len) {
-		/* Buffer was too small, push it out and retry */
-		D("print buffer and try again: %u", len);
-		if (loop++) {
-			ipset_err(session,
-				"Internal error at printing, loop detected!");
-			longjmp(printf_failure, 1);
-		}
+	do {
+		len = strlen(session->outbuf);
+		D("len: %u, retry %u", len, loop);
+		ret = fn(session->outbuf + len, IPSET_OUTBUFLEN - len,
+			 session->data, opt, session->envopts);
+		loop = handle_snprintf_error(session, len, ret, loop);
+	} while (loop);
 
-		session->outbuf[len] = '\0';
-		if (!call_outfn(session))
-			goto retry;
-	}
 	return ret;
 }