ebtables: fix segmentation fault due to uninitialized extension data

The ebtables code relies on the `-nostartfiles` linker argument to execute the extension modules' `_init()` functions automatically which is not working reliably across all supported targets and gcc versions. Running an ebtables executable linked this way just crashes with a segmentation fault at runtime on program startup, e.g. on ARM architectures. In order to fix the issue ... - remove the use of the -nostartfiles linker flag - rename the init procedures to a generic name without implicit semantics - explicitely annotate those init procedures as constructors The patch has been taken from the Alpine Linux distribution at http://git.alpinelinux.org/cgit/aports/tree/main/ebtables/fix-extension-init.patch Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-24 15:04:27 +02:00 · 2016-06-24 15:04:27 +02:00 · cb7aa4b1fe
commit cb7aa4b1fe
parent d4ede1c118
2 changed files with 250 additions and 1 deletions
--- a/package/network/utils/ebtables/Makefile
+++ b/package/network/utils/ebtables/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=ebtables
 PKG_VERSION:=2.0.10-4
-PKG_RELEASE:=4
+PKG_RELEASE:=5

 PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@SF/ebtables
--- a/package/network/utils/ebtables/patches/200-fix-extension-init.patch
+++ b/package/network/utils/ebtables/patches/200-fix-extension-init.patch
@ -0,0 +1,249 @@
+--- a/extensions/Makefile
+++ b/extensions/Makefile
+@@ -11,13 +11,13 @@ EXT_LIBSI+=$(foreach T,$(EXT_FUNC), -leb
+ EXT_LIBSI+=$(foreach T,$(EXT_TABLES), -lebtable_$(T))
+ 
+ extensions/ebt_%.so: extensions/ebt_%.o
+-	$(CC) $(LDFLAGS) -shared -o $@ -lc $< -nostartfiles
+	$(CC) $(LDFLAGS) -shared -o $@ -lc $<
+ 
+ extensions/libebt_%.so: extensions/ebt_%.so
+ 	mv $< $@
+ 
+ extensions/ebtable_%.so: extensions/ebtable_%.o
+-	$(CC) $(LDFLAGS) -shared -o $@ -lc $< -nostartfiles
+	$(CC) $(LDFLAGS) -shared -o $@ -lc $<
+ 
+ extensions/libebtable_%.so: extensions/ebtable_%.so
+ 	mv $< $@
+--- a/extensions/ebt_802_3.c
+++ b/extensions/ebt_802_3.c
+@@ -141,7 +141,7 @@ static struct ebt_u_match _802_3_match =
+ 	.extra_ops	= opts,
+ };
+ 
+-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
+ {
+ 	ebt_register_match(&_802_3_match);
+ }
+--- a/extensions/ebt_among.c
+++ b/extensions/ebt_among.c
+@@ -490,7 +490,7 @@ static struct ebt_u_match among_match =
+ 	.extra_ops 	= opts,
+ };
+ 
+-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
+ {
+ 	ebt_register_match(&among_match);
+ }
+--- a/extensions/ebt_arp.c
+++ b/extensions/ebt_arp.c
+@@ -362,7 +362,7 @@ static struct ebt_u_match arp_match =
+ 	.extra_ops	= opts,
+ };
+ 
+-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
+ {
+ 	ebt_register_match(&arp_match);
+ }
+--- a/extensions/ebt_arpreply.c
+++ b/extensions/ebt_arpreply.c
+@@ -132,7 +132,7 @@ static struct ebt_u_target arpreply_targ
+ 	.extra_ops	= opts,
+ };
+ 
+-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
+ {
+ 	ebt_register_target(&arpreply_target);
+ }
+--- a/extensions/ebt_ip.c
+++ b/extensions/ebt_ip.c
+@@ -338,7 +338,7 @@ static struct ebt_u_match ip_match =
+ 	.extra_ops	= opts,
+ };
+ 
+-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
+ {
+ 	ebt_register_match(&ip_match);
+ }
+--- a/extensions/ebt_ip6.c
+++ b/extensions/ebt_ip6.c
+@@ -556,7 +556,7 @@ static struct ebt_u_match ip6_match =
+ 	.extra_ops	= opts,
+ };
+ 
+-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
+ {
+ 	ebt_register_match(&ip6_match);
+ }
+--- a/extensions/ebt_limit.c
+++ b/extensions/ebt_limit.c
+@@ -212,7 +212,7 @@ static struct ebt_u_match limit_match =
+ 	.extra_ops	= opts,
+ };
+ 
+-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
+ {
+ 	ebt_register_match(&limit_match);
+ }
+--- a/extensions/ebt_log.c
+++ b/extensions/ebt_log.c
+@@ -217,7 +217,7 @@ static struct ebt_u_watcher log_watcher
+ 	.extra_ops	= opts,
+ };
+ 
+-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
+ {
+ 	ebt_register_watcher(&log_watcher);
+ }
+--- a/extensions/ebt_mark.c
+++ b/extensions/ebt_mark.c
+@@ -172,7 +172,7 @@ static struct ebt_u_target mark_target =
+ 	.extra_ops	= opts,
+ };
+ 
+-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
+ {
+ 	ebt_register_target(&mark_target);
+ }
+--- a/extensions/ebt_mark_m.c
+++ b/extensions/ebt_mark_m.c
+@@ -121,7 +121,7 @@ static struct ebt_u_match mark_match =
+ 	.extra_ops	= opts,
+ };
+ 
+-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
+ {
+ 	ebt_register_match(&mark_match);
+ }
+--- a/extensions/ebt_nat.c
+++ b/extensions/ebt_nat.c
+@@ -230,7 +230,7 @@ static struct ebt_u_target dnat_target =
+ 	.extra_ops	= opts_d,
+ };
+ 
+-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
+ {
+ 	ebt_register_target(&snat_target);
+ 	ebt_register_target(&dnat_target);
+--- a/extensions/ebt_nflog.c
+++ b/extensions/ebt_nflog.c
+@@ -166,7 +166,7 @@ static struct ebt_u_watcher nflog_watche
+ 	.extra_ops = nflog_opts,
+ };
+ 
+-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
+ {
+ 	ebt_register_watcher(&nflog_watcher);
+ }
+--- a/extensions/ebt_pkttype.c
+++ b/extensions/ebt_pkttype.c
+@@ -125,7 +125,7 @@ static struct ebt_u_match pkttype_match
+ 	.extra_ops	= opts,
+ };
+ 
+-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
+ {
+ 	ebt_register_match(&pkttype_match);
+ }
+--- a/extensions/ebt_redirect.c
+++ b/extensions/ebt_redirect.c
+@@ -108,7 +108,7 @@ static struct ebt_u_target redirect_targ
+ 	.extra_ops	= opts,
+ };
+ 
+-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
+ {
+ 	ebt_register_target(&redirect_target);
+ }
+--- a/extensions/ebt_standard.c
+++ b/extensions/ebt_standard.c
+@@ -84,7 +84,7 @@ static struct ebt_u_target standard =
+ 	.extra_ops	= opts,
+ };
+ 
+-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
+ {
+ 	ebt_register_target(&standard);
+ }
+--- a/extensions/ebt_stp.c
+++ b/extensions/ebt_stp.c
+@@ -337,7 +337,7 @@ static struct ebt_u_match stp_match =
+ 	.extra_ops	= opts,
+ };
+ 
+-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
+ {
+ 	ebt_register_match(&stp_match);
+ }
+--- a/extensions/ebt_ulog.c
+++ b/extensions/ebt_ulog.c
+@@ -180,7 +180,7 @@ static struct ebt_u_watcher ulog_watcher
+ 	.extra_ops	= opts,
+ };
+ 
+-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
+ {
+ 	ebt_register_watcher(&ulog_watcher);
+ }
+--- a/extensions/ebt_vlan.c
+++ b/extensions/ebt_vlan.c
+@@ -181,7 +181,7 @@ static struct ebt_u_match vlan_match = {
+ 	.extra_ops	= opts,
+ };
+ 
+-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
+ {
+ 	ebt_register_match(&vlan_match);
+ }
+--- a/extensions/ebtable_broute.c
+++ b/extensions/ebtable_broute.c
+@@ -23,7 +23,7 @@ ebt_u_table table =
+ 	.help		= print_help,
+ };
+ 
+-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
+ {
+ 	ebt_register_table(&table);
+ }
+--- a/extensions/ebtable_filter.c
+++ b/extensions/ebtable_filter.c
+@@ -29,7 +29,7 @@ static struct ebt_u_table table =
+ 	.help		= print_help,
+ };
+ 
+-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
+ {
+ 	ebt_register_table(&table);
+ }
+--- a/extensions/ebtable_nat.c
+++ b/extensions/ebtable_nat.c
+@@ -30,7 +30,7 @@ ebt_u_table table =
+ 	.help		= print_help,
+ };
+ 
+-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
+ {
+ 	ebt_register_table(&table);
+ }