--- keepalived-2.2.8/keepalived/core/global_parser.c.orig 2024-08-13 18:02:02.156517132 +0200 +++ keepalived-2.2.8/keepalived/core/global_parser.c 2024-08-13 18:04:32.173727108 +0200 @@ -1091,12 +1091,27 @@ vrrp_ipsets_handler(const vector_t *strv { size_t len; char set_name[IPSET_MAXNAMELEN]; + unsigned sn0, sn1; + const char **set_names[] = { + &global_data->vrrp_ipset_address, + &global_data->vrrp_ipset_address6, + &global_data->vrrp_ipset_address_iface6, + &global_data->vrrp_ipset_igmp, + &global_data->vrrp_ipset_mld, +#ifdef _HAVE_VRRP_VMAC_ + &global_data->vrrp_ipset_vmac_nd +#endif + }; FREE_CONST_PTR(global_data->vrrp_ipset_address); FREE_CONST_PTR(global_data->vrrp_ipset_address6); FREE_CONST_PTR(global_data->vrrp_ipset_address_iface6); FREE_CONST_PTR(global_data->vrrp_ipset_igmp); FREE_CONST_PTR(global_data->vrrp_ipset_mld); +#ifdef _HAVE_VRRP_VMAC_ + FREE_CONST_PTR(global_data->vrrp_ipset_vmac_nd); +#endif + global_data->using_ipsets = PARAMETER_UNSET; if (vector_size(strvec) < 2) { global_data->using_ipsets = false; @@ -1105,14 +1120,14 @@ vrrp_ipsets_handler(const vector_t *strv if (strlen(strvec_slot(strvec,1)) >= IPSET_MAXNAMELEN - 1) { report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset address name too long - ignored"); - return; + goto ipset_error; } global_data->vrrp_ipset_address = STRDUP(strvec_slot(strvec,1)); if (vector_size(strvec) >= 3) { if (strlen(strvec_slot(strvec,2)) >= IPSET_MAXNAMELEN - 1) { report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IPv6 address name too long - ignored"); - return; + goto ipset_error; } global_data->vrrp_ipset_address6 = STRDUP(strvec_slot(strvec,2)); } @@ -1126,7 +1141,7 @@ vrrp_ipsets_handler(const vector_t *strv if (vector_size(strvec) >= 4) { if (strlen(strvec_slot(strvec,3)) >= IPSET_MAXNAMELEN - 1) { report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IPv6 address_iface name too long - ignored"); - return; + goto ipset_error; } global_data->vrrp_ipset_address_iface6 = STRDUP(strvec_slot(strvec,3)); } @@ -1144,7 +1159,7 @@ vrrp_ipsets_handler(const vector_t *strv if (vector_size(strvec) >= 5) { if (strlen(strvec_slot(strvec,4)) >= IPSET_MAXNAMELEN - 1) { report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IGMP name too long - ignored"); - return; + goto ipset_error; } global_data->vrrp_ipset_igmp = STRDUP(strvec_slot(strvec,4)); } @@ -1158,7 +1173,7 @@ vrrp_ipsets_handler(const vector_t *strv if (vector_size(strvec) >= 6) { if (strlen(strvec_slot(strvec,5)) >= IPSET_MAXNAMELEN - 1) { report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset MLD name too long - ignored"); - return; + goto ipset_error; } global_data->vrrp_ipset_mld = STRDUP(strvec_slot(strvec,5)); } @@ -1169,6 +1184,26 @@ vrrp_ipsets_handler(const vector_t *strv strcat(set_name, "_mld"); global_data->vrrp_ipset_mld = STRDUP(set_name); } + /* Ensure all the set names are different */ + for (sn0 = 0; sn0 < sizeof(set_names) / sizeof(set_names[0]) - 1; sn0++) { + for (sn1 = sn0 + 1; sn1 < sizeof(set_names) / sizeof(set_names[0]); sn1++) { + if (!strcmp(*set_names[sn0], *set_names[sn1])) { + report_config_error(CONFIG_GENERAL_ERROR, "vrrp_ipsets: set name %s used more than once", *set_names[sn0]); + goto ipset_error; + } + } + } + global_data->using_ipsets = true; + return; +ipset_error: + FREE_CONST_PTR(global_data->vrrp_ipset_address); + FREE_CONST_PTR(global_data->vrrp_ipset_address6); + FREE_CONST_PTR(global_data->vrrp_ipset_address_iface6); + FREE_CONST_PTR(global_data->vrrp_ipset_igmp); + FREE_CONST_PTR(global_data->vrrp_ipset_mld); +#ifdef _HAVE_VRRP_VMAC_ + FREE_CONST_PTR(global_data->vrrp_ipset_vmac_nd); +#endif } #endif #elif defined _WITH_NFTABLES_