gandc/zapret2
Template
1
0
Fork 0
mirror of https://github.com/bol-van/zapret2.git synced 2026-03-14 06:13:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

nfqws2: prevent OOB read in addpool

Browse Source
This commit is contained in:
bol-van
2026-02-23 18:44:27 +03:00
parent dbf673e24a
commit 937aa91e5d
2 changed files with 51 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
nfq2/hostlist.c
View File

@@ -11,7 +11,7 @@ static bool addpool(hostlist_pool **hostlist, char **s, const char *end, int *ct
for (; p<end && (*p==' ' || *p=='\t') ; p++); for (; p<end && (*p==' ' || *p=='\t') ; p++);
*s = p; *s = p;
// comment line ? // comment line ?
if ( *p != '#' && *p != ';' && *p != '/' && *p != '\r' && *p != '\n') if (p<end && *p != '#' && *p != ';' && *p != '/' && *p != '\r' && *p != '\n')
{ {
// advance until eol lowering all chars // advance until eol lowering all chars
uint32_t flags = 0; uint32_t flags = 0;
@@ -66,18 +66,21 @@ bool AppendHostList(hostlist_pool **hostlist, const char *filename)
{ {
DLOG_CONDUP("zlib compression detected. uncompressed size : %zu\n", zsize); DLOG_CONDUP("zlib compression detected. uncompressed size : %zu\n", zsize);
p = zbuf; if (zbuf)
e = zbuf + zsize;
while(p<e)
{ {
if (!addpool(hostlist,&p,e,&ct)) p = zbuf;
e = zbuf + zsize;
while(p<e)
{ {
DLOG_ERR("Not enough memory to store host list : %s\n", filename); if (!addpool(hostlist,&p,e,&ct))
free(zbuf); {
return false; DLOG_ERR("Not enough memory to store host list : %s\n", filename);
free(zbuf);
return false;
}
} }
free(zbuf);
} }
free(zbuf);
} }
else else
{ {

71
nfq2/ipset.c
View File

@@ -12,37 +12,41 @@ static bool addpool(ipset *ips, char **s, const char *end, int *ct)
struct cidr6 c6; struct cidr6 c6;
for (p=*s; p<end && (*p==' ' || *p=='\t') ; p++); for (p=*s; p<end && (*p==' ' || *p=='\t') ; p++);
*s=p; if (p<end)
for (; p<end && *p && *p!=' ' && *p!='\t' && *p!='\r' && *p != '\n'; p++);
// comment line
if (!(**s == '#' || **s == ';' || **s == '/' || **s == '\r' || **s == '\n' ))
{ {
l = p-*s; // comment line
if (l>=sizeof(cidr)) l=sizeof(cidr)-1; if (!(*p == '#' || *p == ';' || *p == '/' || *p == '\r' || *p == '\n' ))
memcpy(cidr,*s,l); {
cidr[l]=0; *s=p;
// advance to the token's end
for (; p<end && *p && *p!=' ' && *p!='\t' && *p!='\r' && *p != '\n'; p++);
if (parse_cidr4(cidr,&c4)) l = p-*s;
{ if (l>=sizeof(cidr)) l=sizeof(cidr)-1;
if (!ipset4AddCidr(&ips->ips4, &c4)) memcpy(cidr,*s,l);
cidr[l]=0;
if (parse_cidr4(cidr,&c4))
{ {
ipsetDestroy(ips); if (!ipset4AddCidr(&ips->ips4, &c4))
return false; {
ipsetDestroy(ips);
return false;
}
if (ct) (*ct)++;
} }
if (ct) (*ct)++; else if (parse_cidr6(cidr,&c6))
}
else if (parse_cidr6(cidr,&c6))
{
if (!ipset6AddCidr(&ips->ips6, &c6))
{ {
ipsetDestroy(ips); if (!ipset6AddCidr(&ips->ips6, &c6))
return false; {
ipsetDestroy(ips);
return false;
}
if (ct) (*ct)++;
} }
if (ct) (*ct)++; else
DLOG_ERR("bad ip or subnet : %s\n",cidr);
} }
else
DLOG_ERR("bad ip or subnet : %s\n",cidr);
} }
// skip remaining non-eol chars // skip remaining non-eol chars
@@ -83,18 +87,21 @@ static bool AppendIpset(ipset *ips, const char *filename)
{ {
DLOG_CONDUP("zlib compression detected. uncompressed size : %zu\n", zsize); DLOG_CONDUP("zlib compression detected. uncompressed size : %zu\n", zsize);
p = zbuf; if (zbuf)
e = zbuf + zsize;
while(p<e)
{ {
if (!addpool(ips,&p,e,&ct)) p = zbuf;
e = zbuf + zsize;
while(p<e)
{ {
DLOG_ERR("Not enough memory to store ipset : %s\n", filename); if (!addpool(ips,&p,e,&ct))
free(zbuf); {
return false; DLOG_ERR("Not enough memory to store ipset : %s\n", filename);
free(zbuf);
return false;
}
} }
free(zbuf);
} }
free(zbuf);
} }
else else
{ {