-rw-r--r--net/netfilter/nf_conntrack_netlink.c30
-rw-r--r--net/netfilter/nfnetlink_cthelper.c16
-rw-r--r--net/netfilter/nfnetlink_cttimeout.c6
3 files changed, 39 insertions, 13 deletions
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 6d0f8a17c5b7..f83a52298efe 100644
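--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -828,7 +828,9 @@ ctnetlink_parse_tuple_ip(struct nlattr *attr, struct nf_conntrack_tuple *tuple)
 struct nf_conntrack_l3proto *l3proto;
 int ret = 0;
 
-nla_parse_nested(tb, CTA_IP_MAX, attr, NULL);
+ret = nla_parse_nested(tb, CTA_IP_MAX, attr, NULL);
+if (ret < 0)
+return ret;
 
 rcu_read_lock();
 l3proto = __nf_ct_l3proto_find(tuple->src.l3num);
@@ -895,7 +897,9 @@ ctnetlink_parse_tuple(const struct nlattr * const cda[],
 
 memset(tuple, 0, sizeof(*tuple));
 
-nla_parse_nested(tb, CTA_TUPLE_MAX, cda[type], tuple_nla_policy);
+err = nla_parse_nested(tb, CTA_TUPLE_MAX, cda[type], tuple_nla_policy);
+if (err < 0)
+return err;
 
 if (!tb[CTA_TUPLE_IP])
 return -EINVAL;
@@ -946,9 +950,12 @@ static inline int
 ctnetlink_parse_help(const struct nlattr *attr, char **helper_name,
 struct nlattr **helpinfo)
 {
+int err;
 struct nlattr *tb[CTA_HELP_MAX+1];
 
-nla_parse_nested(tb, CTA_HELP_MAX, attr, help_nla_policy);
+err = nla_parse_nested(tb, CTA_HELP_MAX, attr, help_nla_policy);
+if (err < 0)
+return err;
 
 if (!tb[CTA_HELP_NAME])
 return -EINVAL;
@@ -1431,7 +1438,9 @@ ctnetlink_change_protoinfo(struct nf_conn *ct, const struct nlattr * const cda[]
 struct nf_conntrack_l4proto *l4proto;
 int err = 0;
 
-nla_parse_nested(tb, CTA_PROTOINFO_MAX, attr, protoinfo_policy);
+err = nla_parse_nested(tb, CTA_PROTOINFO_MAX, attr, protoinfo_policy);
+if (err < 0)
+return err;
 
 rcu_read_lock();
 l4proto = __nf_ct_l4proto_find(nf_ct_l3num(ct), nf_ct_protonum(ct));
@@ -1452,9 +1461,12 @@ static const struct nla_policy nat_seq_policy[CTA_NAT_SEQ_MAX+1] = {
 static inline int
 change_nat_seq_adj(struct nf_nat_seq *natseq, const struct nlattr * const attr)
 {
+int err;
 struct nlattr *cda[CTA_NAT_SEQ_MAX+1];
 
-nla_parse_nested(cda, CTA_NAT_SEQ_MAX, attr, nat_seq_policy);
+err = nla_parse_nested(cda, CTA_NAT_SEQ_MAX, attr, nat_seq_policy);
+if (err < 0)
+return err;
 
 if (!cda[CTA_NAT_SEQ_CORRECTION_POS])
 return -EINVAL;
@@ -2115,7 +2127,9 @@ ctnetlink_nfqueue_parse(const struct nlattr *attr, struct nf_conn *ct)
 struct nlattr *cda[CTA_MAX+1];
 int ret;
 
-nla_parse_nested(cda, CTA_MAX, attr, ct_nla_policy);
+ret = nla_parse_nested(cda, CTA_MAX, attr, ct_nla_policy);
+if (ret < 0)
+return ret;
 
 spin_lock_bh(&nf_conntrack_lock);
 ret = ctnetlink_nfqueue_parse_ct((const struct nlattr **)cda, ct);
@@ -2710,7 +2724,9 @@ ctnetlink_parse_expect_nat(const struct nlattr *attr,
 struct nf_conntrack_tuple nat_tuple = {};
 int err;
 
-nla_parse_nested(tb, CTA_EXPECT_NAT_MAX, attr, exp_nat_nla_policy);
+err = nla_parse_nested(tb, CTA_EXPECT_NAT_MAX, attr, exp_nat_nla_policy);
+if (err < 0)
+return err;
 
 if (!tb[CTA_EXPECT_NAT_DIR] || !tb[CTA_EXPECT_NAT_TUPLE])
 return -EINVAL;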
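Review bot: In ctnetlink_parse_tuple_ip the new check can only catch malformed nesting, because `nla_parse_nested(tb, CTA_IP_MAX, attr, NULL)` passes no policy, so this call does not validate the length or type of any attribute stored in `tb`. Whether a per-protocol policy is applied before `tb` is consumed is not visible here, since the function body continues outside the hunk. If it is, a comment such as `/* NULL policy: attributes are validated against the l3proto policy below */` would make that dependency explicit; if it is not, a policy should be passed at this call. The `= 0` initialisers on `ret` in this hunk and on `err` in ctnetlink_change_protoinfo are now dead, because both variables are assigned before their first use.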
diff --git a/net/netfilter/nfnetlink_cthelper.c b/net/netfilter/nfnetlink_cthelper.c
index a191b6db657e..9e287cb56a04 100644
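--- a/net/netfilter/nfnetlink_cthelper.c
+++ b/net/netfilter/nfnetlink_cthelper.c
@@ -67,9 +67,12 @@ static int
 nfnl_cthelper_parse_tuple(struct nf_conntrack_tuple *tuple,
 const struct nlattr *attr)
 {
+int err;
 struct nlattr *tb[NFCTH_TUPLE_MAX+1];
 
-nla_parse_nested(tb, NFCTH_TUPLE_MAX, attr, nfnl_cthelper_tuple_pol);
+err = nla_parse_nested(tb, NFCTH_TUPLE_MAX, attr, nfnl_cthelper_tuple_pol);
+if (err < 0)
+return err;
 
 if (!tb[NFCTH_TUPLE_L3PROTONUM] || !tb[NFCTH_TUPLE_L4PROTONUM])
 return -EINVAL;
@@ -121,9 +124,12 @@ static int
 nfnl_cthelper_expect_policy(struct nf_conntrack_expect_policy *expect_policy,
 const struct nlattr *attr)
 {
+int err;
 struct nlattr *tb[NFCTH_POLICY_MAX+1];
 
-nla_parse_nested(tb, NFCTH_POLICY_MAX, attr, nfnl_cthelper_expect_pol);
+err = nla_parse_nested(tb, NFCTH_POLICY_MAX, attr, nfnl_cthelper_expect_pol);
+if (err < 0)
+return err;
 
 if (!tb[NFCTH_POLICY_NAME] ||
 !tb[NFCTH_POLICY_EXPECT_MAX] ||
@@ -153,8 +159,10 @@ nfnl_cthelper_parse_expect_policy(struct nf_conntrack_helper *helper,
 struct nf_conntrack_expect_policy *expect_policy;
 struct nlattr *tb[NFCTH_POLICY_SET_MAX+1];
 
-nla_parse_nested(tb, NFCTH_POLICY_SET_MAX, attr,
-nfnl_cthelper_expect_policy_set);
+ret = nla_parse_nested(tb, NFCTH_POLICY_SET_MAX, attr,
+nfnl_cthelper_expect_policy_set);
+if (ret < 0)
+return ret;
 
 if (!tb[NFCTH_POLICY_SET_NUM])
 return -EINVAL;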
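Review bot: The three parsers in this file now have two distinct failure sources but carry no comment saying so, and the local is named `err` in nfnl_cthelper_parse_tuple and nfnl_cthelper_expect_policy but `ret` in nfnl_cthelper_parse_expect_policy. A one-line comment above each, e.g. `/* Returns -EINVAL on a missing attribute, or the nla_parse_nested() error. */`, would tell callers that any negative value must be propagated rather than treated as "attribute absent". The callers are outside these hunks, so whether they already propagate the result cannot be confirmed from this page.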
diff --git a/net/netfilter/nfnetlink_cttimeout.c b/net/netfilter/nfnetlink_cttimeout.c
index 65074dfb9383..50580494148d 100644
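--- a/net/netfilter/nfnetlink_cttimeout.c
+++ b/net/netfilter/nfnetlink_cttimeout.c
@@ -59,8 +59,10 @@ ctnl_timeout_parse_policy(struct ctnl_timeout *timeout,
 if (likely(l4proto->ctnl_timeout.nlattr_to_obj)) {
 struct nlattr *tb[l4proto->ctnl_timeout.nlattr_max+1];
 
-nla_parse_nested(tb, l4proto->ctnl_timeout.nlattr_max,
-attr, l4proto->ctnl_timeout.nla_policy);
+ret = nla_parse_nested(tb, l4proto->ctnl_timeout.nlattr_max,
+attr, l4proto->ctnl_timeout.nla_policy);
+if (ret < 0)
+return ret;
 
 ret = l4proto->ctnl_timeout.nlattr_to_obj(tb, net,
 &timeout->data);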
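Review bot: `tb` in ctnl_timeout_parse_policy is a variable-length stack array sized by `l4proto->ctnl_timeout.nlattr_max+1`, and the parse whose result is now checked writes into it, so its bound deserves the same attention as the return value. The size presumably comes from the registered protocol rather than from the netlink message, which would make this a kernel-stack-usage concern rather than an attacker-controlled length. A comment stating the expected maximum, or a fixed-size array with a compile-time bound, would make that verifiable. The early `return ret;` sits inside the `if (likely(...))` block and the function continues outside the hunk, so it is worth confirming that no cleanup is skipped on that path.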