ebtables: fix segmentation fault due to uninitialized extension data

The ebtables code relies on the `-nostartfiles` linker argument to execute the
extension modules' `_init()` functions automatically which is not working
reliably across all supported targets and gcc versions.

Running an ebtables executable linked this way just crashes with a segmentation
fault at runtime on program startup, e.g. on ARM architectures.

In order to fix the issue ...
 - remove the use of the -nostartfiles linker flag
 - rename the init procedures to a generic name without implicit semantics
 - explicitely annotate those init procedures as constructors

The patch has been taken from the Alpine Linux distribution at
http://git.alpinelinux.org/cgit/aports/tree/main/ebtables/fix-extension-init.patch

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This commit is contained in:
Jo-Philipp Wich 2016-06-24 15:04:27 +02:00
parent d4ede1c118
commit cb7aa4b1fe
2 changed files with 250 additions and 1 deletions

View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=ebtables
PKG_VERSION:=2.0.10-4
PKG_RELEASE:=4
PKG_RELEASE:=5
PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/ebtables

View File

@ -0,0 +1,249 @@
--- a/extensions/Makefile
+++ b/extensions/Makefile
@@ -11,13 +11,13 @@ EXT_LIBSI+=$(foreach T,$(EXT_FUNC), -leb
EXT_LIBSI+=$(foreach T,$(EXT_TABLES), -lebtable_$(T))
extensions/ebt_%.so: extensions/ebt_%.o
- $(CC) $(LDFLAGS) -shared -o $@ -lc $< -nostartfiles
+ $(CC) $(LDFLAGS) -shared -o $@ -lc $<
extensions/libebt_%.so: extensions/ebt_%.so
mv $< $@
extensions/ebtable_%.so: extensions/ebtable_%.o
- $(CC) $(LDFLAGS) -shared -o $@ -lc $< -nostartfiles
+ $(CC) $(LDFLAGS) -shared -o $@ -lc $<
extensions/libebtable_%.so: extensions/ebtable_%.so
mv $< $@
--- a/extensions/ebt_802_3.c
+++ b/extensions/ebt_802_3.c
@@ -141,7 +141,7 @@ static struct ebt_u_match _802_3_match =
.extra_ops = opts,
};
-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
{
ebt_register_match(&_802_3_match);
}
--- a/extensions/ebt_among.c
+++ b/extensions/ebt_among.c
@@ -490,7 +490,7 @@ static struct ebt_u_match among_match =
.extra_ops = opts,
};
-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
{
ebt_register_match(&among_match);
}
--- a/extensions/ebt_arp.c
+++ b/extensions/ebt_arp.c
@@ -362,7 +362,7 @@ static struct ebt_u_match arp_match =
.extra_ops = opts,
};
-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
{
ebt_register_match(&arp_match);
}
--- a/extensions/ebt_arpreply.c
+++ b/extensions/ebt_arpreply.c
@@ -132,7 +132,7 @@ static struct ebt_u_target arpreply_targ
.extra_ops = opts,
};
-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
{
ebt_register_target(&arpreply_target);
}
--- a/extensions/ebt_ip.c
+++ b/extensions/ebt_ip.c
@@ -338,7 +338,7 @@ static struct ebt_u_match ip_match =
.extra_ops = opts,
};
-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
{
ebt_register_match(&ip_match);
}
--- a/extensions/ebt_ip6.c
+++ b/extensions/ebt_ip6.c
@@ -556,7 +556,7 @@ static struct ebt_u_match ip6_match =
.extra_ops = opts,
};
-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
{
ebt_register_match(&ip6_match);
}
--- a/extensions/ebt_limit.c
+++ b/extensions/ebt_limit.c
@@ -212,7 +212,7 @@ static struct ebt_u_match limit_match =
.extra_ops = opts,
};
-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
{
ebt_register_match(&limit_match);
}
--- a/extensions/ebt_log.c
+++ b/extensions/ebt_log.c
@@ -217,7 +217,7 @@ static struct ebt_u_watcher log_watcher
.extra_ops = opts,
};
-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
{
ebt_register_watcher(&log_watcher);
}
--- a/extensions/ebt_mark.c
+++ b/extensions/ebt_mark.c
@@ -172,7 +172,7 @@ static struct ebt_u_target mark_target =
.extra_ops = opts,
};
-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
{
ebt_register_target(&mark_target);
}
--- a/extensions/ebt_mark_m.c
+++ b/extensions/ebt_mark_m.c
@@ -121,7 +121,7 @@ static struct ebt_u_match mark_match =
.extra_ops = opts,
};
-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
{
ebt_register_match(&mark_match);
}
--- a/extensions/ebt_nat.c
+++ b/extensions/ebt_nat.c
@@ -230,7 +230,7 @@ static struct ebt_u_target dnat_target =
.extra_ops = opts_d,
};
-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
{
ebt_register_target(&snat_target);
ebt_register_target(&dnat_target);
--- a/extensions/ebt_nflog.c
+++ b/extensions/ebt_nflog.c
@@ -166,7 +166,7 @@ static struct ebt_u_watcher nflog_watche
.extra_ops = nflog_opts,
};
-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
{
ebt_register_watcher(&nflog_watcher);
}
--- a/extensions/ebt_pkttype.c
+++ b/extensions/ebt_pkttype.c
@@ -125,7 +125,7 @@ static struct ebt_u_match pkttype_match
.extra_ops = opts,
};
-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
{
ebt_register_match(&pkttype_match);
}
--- a/extensions/ebt_redirect.c
+++ b/extensions/ebt_redirect.c
@@ -108,7 +108,7 @@ static struct ebt_u_target redirect_targ
.extra_ops = opts,
};
-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
{
ebt_register_target(&redirect_target);
}
--- a/extensions/ebt_standard.c
+++ b/extensions/ebt_standard.c
@@ -84,7 +84,7 @@ static struct ebt_u_target standard =
.extra_ops = opts,
};
-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
{
ebt_register_target(&standard);
}
--- a/extensions/ebt_stp.c
+++ b/extensions/ebt_stp.c
@@ -337,7 +337,7 @@ static struct ebt_u_match stp_match =
.extra_ops = opts,
};
-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
{
ebt_register_match(&stp_match);
}
--- a/extensions/ebt_ulog.c
+++ b/extensions/ebt_ulog.c
@@ -180,7 +180,7 @@ static struct ebt_u_watcher ulog_watcher
.extra_ops = opts,
};
-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
{
ebt_register_watcher(&ulog_watcher);
}
--- a/extensions/ebt_vlan.c
+++ b/extensions/ebt_vlan.c
@@ -181,7 +181,7 @@ static struct ebt_u_match vlan_match = {
.extra_ops = opts,
};
-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
{
ebt_register_match(&vlan_match);
}
--- a/extensions/ebtable_broute.c
+++ b/extensions/ebtable_broute.c
@@ -23,7 +23,7 @@ ebt_u_table table =
.help = print_help,
};
-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
{
ebt_register_table(&table);
}
--- a/extensions/ebtable_filter.c
+++ b/extensions/ebtable_filter.c
@@ -29,7 +29,7 @@ static struct ebt_u_table table =
.help = print_help,
};
-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
{
ebt_register_table(&table);
}
--- a/extensions/ebtable_nat.c
+++ b/extensions/ebtable_nat.c
@@ -30,7 +30,7 @@ ebt_u_table table =
.help = print_help,
};
-void _init(void)
+__attribute__((constructor)) static void extension_init(void)
{
ebt_register_table(&table);
}