14 Star 0 Fork 6

ocs-commit/keepalived

加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
克隆/下载
e78513fe0ce5d83c226ea2c0bd222f375c2438e7.patch 4.00 KB
一键复制 编辑 原始数据 按行查看 历史
ocs-bot 提交于 2024-12-25 15:49 . - Apply patches from rpm-tracker
From e78513fe0ce5d83c226ea2c0bd222f375c2438e7 Mon Sep 17 00:00:00 2001
From: Quentin Armitage <[email protected]>
Date: Fri, 12 Jul 2024 15:16:47 +0100
Subject: [PATCH] vrrp: Handle empty ipset names with vrrp_ipsets keyword
We now handle empty ipset names and return a config error.
Signed-off-by: Quentin Armitage <[email protected]>
---
keepalived/core/global_parser.c | 40 ++++++++++++++++++---------------
1 file changed, 22 insertions(+), 18 deletions(-)
diff --git a/keepalived/core/global_parser.c b/keepalived/core/global_parser.c
index ed76b5cb08..8935e50273 100644
--- a/keepalived/core/global_parser.c
+++ b/keepalived/core/global_parser.c
@@ -1099,6 +1099,22 @@ vrrp_iptables_handler(const vector_t *strvec)
}
}
#ifdef _HAVE_LIBIPSET_
+static bool
+check_valid_ipset_name(const vector_t *strvec, unsigned entry, const char *log_name)
+{
+ if (strlen(strvec_slot(strvec, entry)) >= IPSET_MAXNAMELEN - 1) {
+ report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset %s name too long - ignored", log_name);
+ return false;
+ }
+
+ if (strlen(strvec_slot(strvec, entry)) == 0) {
+ report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset %s name empty - ignored", log_name);
+ return false;
+ }
+
+ return true;
+}
+
static void
vrrp_ipsets_handler(const vector_t *strvec)
{
@@ -1119,17 +1135,13 @@ vrrp_ipsets_handler(const vector_t *strvec)
return;
}
- if (strlen(strvec_slot(strvec,1)) >= IPSET_MAXNAMELEN - 1) {
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset address name too long - ignored");
+ if (!check_valid_ipset_name(strvec, 1, "address"))
return;
- }
global_data->vrrp_ipset_address = STRDUP(strvec_slot(strvec,1));
if (vector_size(strvec) >= 3) {
- if (strlen(strvec_slot(strvec,2)) >= IPSET_MAXNAMELEN - 1) {
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IPv6 address name too long - ignored");
+ if (!check_valid_ipset_name(strvec, 2, "IPv6 address"))
return;
- }
global_data->vrrp_ipset_address6 = STRDUP(strvec_slot(strvec,2));
} else {
/* No second set specified, copy first name and add "6" */
@@ -1140,10 +1152,8 @@ vrrp_ipsets_handler(const vector_t *strvec)
}
if (vector_size(strvec) >= 4) {
- if (strlen(strvec_slot(strvec,3)) >= IPSET_MAXNAMELEN - 1) {
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IPv6 address_iface name too long - ignored");
+ if (!check_valid_ipset_name(strvec, 3, "IPv6 address_iface"))
return;
- }
global_data->vrrp_ipset_address_iface6 = STRDUP(strvec_slot(strvec,3));
} else {
/* No third set specified, copy second name and add "_if6" */
@@ -1157,10 +1167,8 @@ vrrp_ipsets_handler(const vector_t *strvec)
}
if (vector_size(strvec) >= 5) {
- if (strlen(strvec_slot(strvec,4)) >= IPSET_MAXNAMELEN - 1) {
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IGMP name too long - ignored");
+ if (!check_valid_ipset_name(strvec, 4, "IGMP"))
return;
- }
global_data->vrrp_ipset_igmp = STRDUP(strvec_slot(strvec,4));
} else {
/* No second set specified, copy first name and add "_igmp" */
@@ -1171,10 +1179,8 @@ vrrp_ipsets_handler(const vector_t *strvec)
}
if (vector_size(strvec) >= 6) {
- if (strlen(strvec_slot(strvec,5)) >= IPSET_MAXNAMELEN - 1) {
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset MLD name too long - ignored");
+ if (!check_valid_ipset_name(strvec, 5, "MLD"))
return;
- }
global_data->vrrp_ipset_mld = STRDUP(strvec_slot(strvec,5));
} else {
/* No second set specified, copy first name and add "_mld" */
@@ -1186,10 +1192,8 @@ vrrp_ipsets_handler(const vector_t *strvec)
#ifdef _HAVE_VRRP_VMAC_
if (vector_size(strvec) >= 7) {
- if (strlen(strvec_slot(strvec,6)) >= IPSET_MAXNAMELEN - 1) {
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset ND name too long - ignored");
+ if (!check_valid_ipset_name(strvec, 6, "ND"))
return;
- }
global_data->vrrp_ipset_vmac_nd = STRDUP(strvec_slot(strvec,6));
} else {
/* No second set specified, copy first name and add "_nd" */
Loading...
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/ocs-commit/keepalived.git
[email protected]:ocs-commit/keepalived.git
ocs-commit
keepalived
keepalived
master

搜索帮助