Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP5:Update
keepalived
bsc-1228123.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File bsc-1228123.patch of Package keepalived
--- keepalived-2.2.8-orig/keepalived/core/global_parser.c 2023-04-01 19:39:25.000000000 +0200 +++ keepalived-2.2.8/keepalived/core/global_parser.c 2024-09-10 10:16:41.921207664 +0200 @@ -1058,117 +1058,171 @@ else global_data->vrrp_higher_prio_send_advert = true; } -#ifdef _WITH_IPTABLES_ +#if defined _WITH_IPTABLES_ || defined _WITH_NFTABLES_ +static bool +check_valid_iptables_ipset_nftables_name(const vector_t *strvec, unsigned entry, unsigned max_len, const char *type_name, const char *log_name) +{ + if (strlen(strvec_slot(strvec, entry)) >= max_len - 1) { + report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : %s %s name too long - ignored", type_name, log_name); + return false; + } + + if (strlen(strvec_slot(strvec, entry)) == 0) { + report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : %s %s name empty - ignored", type_name, log_name); + return false; + } + + return true; +} +#endif + +#ifdef _WITH_IPTABLES_ +static bool +check_valid_iptables_chain_name(const vector_t *strvec, unsigned entry, const char *log_name) +{ + return check_valid_iptables_ipset_nftables_name(strvec, entry, XT_EXTENSION_MAXNAMELEN, "iptables", log_name); +} + static void -vrrp_iptables_handler(const vector_t *strvec) +vrrp_iptables_handler(const vector_t *strvec) { - if (global_data->vrrp_iptables_inchain) { - report_config_error(CONFIG_GENERAL_ERROR, "iptables already specified - ignoring"); - return; - } - - if (vector_size(strvec) >= 2) { - if (strlen(strvec_slot(strvec,1)) >= XT_EXTENSION_MAXNAMELEN - 1) { - report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : iptables in chain name too long - ignored"); - return; - } - global_data->vrrp_iptables_inchain = STRDUP(strvec_slot(strvec,1)); - if (vector_size(strvec) >= 3) { - if (strlen(strvec_slot(strvec,2)) >= XT_EXTENSION_MAXNAMELEN - 1) { - report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : iptables out chain name too long - ignored"); - return; - } - global_data->vrrp_iptables_outchain = STRDUP(strvec_slot(strvec,2)); - } - } else { - global_data->vrrp_iptables_inchain = STRDUP(DEFAULT_IPTABLES_CHAIN_IN); - global_data->vrrp_iptables_outchain = STRDUP(DEFAULT_IPTABLES_CHAIN_OUT); - } + if (global_data->vrrp_iptables_inchain) { + report_config_error(CONFIG_GENERAL_ERROR, "iptables already specified - ignoring"); + return; + } + + if (vector_size(strvec) >= 2) { + if (!check_valid_iptables_chain_name(strvec, 1, "in chain")) + return; + global_data->vrrp_iptables_inchain = STRDUP(strvec_slot(strvec,1)); + if (vector_size(strvec) >= 3) { + if (!check_valid_iptables_chain_name(strvec, 2, "out chain")) + return; + + if (!strcmp(global_data->vrrp_iptables_inchain, strvec_slot(strvec, 2))) { + log_message(LOG_INFO, "vrrp_iptables: chain names cannot be the same"); + FREE_CONST_PTR(global_data->vrrp_iptables_inchain); + + return; + } + global_data->vrrp_iptables_outchain = STRDUP(strvec_slot(strvec,2)); + } + + return; + } + + global_data->vrrp_iptables_inchain = STRDUP(DEFAULT_IPTABLES_CHAIN_IN); + global_data->vrrp_iptables_outchain = STRDUP(DEFAULT_IPTABLES_CHAIN_OUT); } + #ifdef _HAVE_LIBIPSET_ +static bool +check_valid_ipset_name(const vector_t *strvec, unsigned entry, const char *log_name) +{ + return check_valid_iptables_ipset_nftables_name(strvec, entry, IPSET_MAXNAMELEN, "ipset", log_name); +} + static void vrrp_ipsets_handler(const vector_t *strvec) { - size_t len; - char set_name[IPSET_MAXNAMELEN]; - - FREE_CONST_PTR(global_data->vrrp_ipset_address); - FREE_CONST_PTR(global_data->vrrp_ipset_address6); - FREE_CONST_PTR(global_data->vrrp_ipset_address_iface6); - FREE_CONST_PTR(global_data->vrrp_ipset_igmp); - FREE_CONST_PTR(global_data->vrrp_ipset_mld); - - if (vector_size(strvec) < 2) { - global_data->using_ipsets = false; - return; - } - - if (strlen(strvec_slot(strvec,1)) >= IPSET_MAXNAMELEN - 1) { - report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset address name too long - ignored"); - return; - } - global_data->vrrp_ipset_address = STRDUP(strvec_slot(strvec,1)); - - if (vector_size(strvec) >= 3) { - if (strlen(strvec_slot(strvec,2)) >= IPSET_MAXNAMELEN - 1) { - report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IPv6 address name too long - ignored"); - return; - } - global_data->vrrp_ipset_address6 = STRDUP(strvec_slot(strvec,2)); - } - else { - /* No second set specified, copy first name and add "6" */ - strcpy_safe(set_name, global_data->vrrp_ipset_address); - set_name[IPSET_MAXNAMELEN - 2] = '\0'; - strcat(set_name, "6"); - global_data->vrrp_ipset_address6 = STRDUP(set_name); - } - if (vector_size(strvec) >= 4) { - if (strlen(strvec_slot(strvec,3)) >= IPSET_MAXNAMELEN - 1) { - report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IPv6 address_iface name too long - ignored"); - return; - } - global_data->vrrp_ipset_address_iface6 = STRDUP(strvec_slot(strvec,3)); - } - else { - /* No third set specified, copy second name and add "_if6" */ - strcpy_safe(set_name, global_data->vrrp_ipset_address6); - len = strlen(set_name); - if (set_name[len-1] == '6') - set_name[--len] = '\0'; - set_name[IPSET_MAXNAMELEN - 5] = '\0'; - strcat(set_name, "_if6"); - global_data->vrrp_ipset_address_iface6 = STRDUP(set_name); - } - - if (vector_size(strvec) >= 5) { - if (strlen(strvec_slot(strvec,4)) >= IPSET_MAXNAMELEN - 1) { - report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IGMP name too long - ignored"); - return; - } - global_data->vrrp_ipset_igmp = STRDUP(strvec_slot(strvec,4)); - } - else { - /* No second set specified, copy first name and add "_igmp" */ - strcpy_safe(set_name, global_data->vrrp_ipset_address); - set_name[sizeof(set_name) - 6] = '\0'; - strcat(set_name, "_igmp"); - global_data->vrrp_ipset_igmp = STRDUP(set_name); - } - if (vector_size(strvec) >= 6) { - if (strlen(strvec_slot(strvec,5)) >= IPSET_MAXNAMELEN - 1) { - report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset MLD name too long - ignored"); - return; - } - global_data->vrrp_ipset_mld = STRDUP(strvec_slot(strvec,5)); - } - else { - /* No second set specified, copy first name and add "_mld" */ - strcpy_safe(set_name, global_data->vrrp_ipset_address); - set_name[sizeof(set_name) - 5] = '\0'; - strcat(set_name, "_mld"); - global_data->vrrp_ipset_mld = STRDUP(set_name); - } + size_t len; + char set_name[IPSET_MAXNAMELEN]; + unsigned sn0, sn1; + const char **set_names[] = { + &global_data->vrrp_ipset_address, + &global_data->vrrp_ipset_address6, + &global_data->vrrp_ipset_address_iface6, + &global_data->vrrp_ipset_igmp, + &global_data->vrrp_ipset_mld + }; + + FREE_CONST_PTR(global_data->vrrp_ipset_address); + FREE_CONST_PTR(global_data->vrrp_ipset_address6); + FREE_CONST_PTR(global_data->vrrp_ipset_address_iface6); + FREE_CONST_PTR(global_data->vrrp_ipset_igmp); + FREE_CONST_PTR(global_data->vrrp_ipset_mld); + global_data->using_ipsets = PARAMETER_UNSET; + + if (vector_size(strvec) < 2) { + global_data->using_ipsets = false; + return; + } + + if (!check_valid_ipset_name(strvec, 1, "address")) + return; + global_data->vrrp_ipset_address = STRDUP(strvec_slot(strvec,1)); + + if (vector_size(strvec) >= 3) { + if (!check_valid_ipset_name(strvec, 2, "IPv6 address")) + goto ipset_error; + global_data->vrrp_ipset_address6 = STRDUP(strvec_slot(strvec,2)); + } else { + /* No second set specified, copy first name and add "6" */ + strcpy_safe(set_name, global_data->vrrp_ipset_address); + set_name[IPSET_MAXNAMELEN - 2] = '\0'; + strcat(set_name, "6"); + global_data->vrrp_ipset_address6 = STRDUP(set_name); + } + + if (vector_size(strvec) >= 4) { + if (!check_valid_ipset_name(strvec, 3, "IPv6 address_iface")) + goto ipset_error; + global_data->vrrp_ipset_address_iface6 = STRDUP(strvec_slot(strvec,3)); + } else { + /* No third set specified, copy second name and add "_if6" */ + strcpy_safe(set_name, global_data->vrrp_ipset_address6); + len = strlen(set_name); + if (set_name[len-1] == '6') + set_name[--len] = '\0'; + set_name[IPSET_MAXNAMELEN - 5] = '\0'; + strcat(set_name, "_if6"); + global_data->vrrp_ipset_address_iface6 = STRDUP(set_name); + } + + if (vector_size(strvec) >= 5) { + if (!check_valid_ipset_name(strvec, 4, "IGMP")) + goto ipset_error; + global_data->vrrp_ipset_igmp = STRDUP(strvec_slot(strvec,4)); + } else { + /* No second set specified, copy first name and add "_igmp" */ + strcpy_safe(set_name, global_data->vrrp_ipset_address); + set_name[sizeof(set_name) - 6] = '\0'; + strcat(set_name, "_igmp"); + global_data->vrrp_ipset_igmp = STRDUP(set_name); + } + + if (vector_size(strvec) >= 6) { + if (!check_valid_ipset_name(strvec, 5, "MLD")) + goto ipset_error; + global_data->vrrp_ipset_mld = STRDUP(strvec_slot(strvec,5)); + } else { + /* No second set specified, copy first name and add "_mld" */ + strcpy_safe(set_name, global_data->vrrp_ipset_address); + set_name[sizeof(set_name) - 5] = '\0'; + strcat(set_name, "_mld"); + global_data->vrrp_ipset_mld = STRDUP(set_name); + } + + /* Ensure all the set names are different */ + for (sn0 = 0; sn0 < sizeof(set_names) / sizeof(set_names[0]) - 1; sn0++) { + for (sn1 = sn0 + 1; sn1 < sizeof(set_names) / sizeof(set_names[0]); sn1++) { + if (!strcmp(*set_names[sn0], *set_names[sn1])) { + report_config_error(CONFIG_GENERAL_ERROR, "vrrp_ipsets: set name %s used more than once", *set_names[sn0]); + goto ipset_error; + } + } + } + + global_data->using_ipsets = true; + + return; + +ipset_error: + FREE_CONST_PTR(global_data->vrrp_ipset_address); + FREE_CONST_PTR(global_data->vrrp_ipset_address6); + FREE_CONST_PTR(global_data->vrrp_ipset_address_iface6); + FREE_CONST_PTR(global_data->vrrp_ipset_igmp); + FREE_CONST_PTR(global_data->vrrp_ipset_mld); } #endif #elif defined _WITH_NFTABLES_
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
