diff options
| author | Florian Westphal <fw@strlen.de> | 2016-04-01 08:17:35 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-04-13 18:30:40 -0400 |
| commit | 95609155d7fa08cc2e71d494acad39f72f0b4495 (patch) | |
| tree | 706b0962e25767c0e113a741eab9aafa42288bd8 | |
| parent | 09d9686047dbbe1cf4faa558d3ecc4aae2046054 (diff) | |
netfilter: x_tables: remove obsolete overflow check for compat case too
commit 9e67d5a739327c44885adebb4f3a538050be73e4
("[NETFILTER]: x_tables: remove obsolete overflow check") left the
compat parts alone, but we can kill it there as well.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 2 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 2 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 2 |
3 files changed, 0 insertions, 6 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 705179b0fd23..668c5dcb3a5f 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
| @@ -1436,8 +1436,6 @@ static int compat_do_replace(struct net *net, void __user *user, | |||
| 1436 | return -EFAULT; | 1436 | return -EFAULT; |
| 1437 | 1437 | ||
| 1438 | /* overflow check */ | 1438 | /* overflow check */ |
| 1439 | if (tmp.size >= INT_MAX / num_possible_cpus()) | ||
| 1440 | return -ENOMEM; | ||
| 1441 | if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters)) | 1439 | if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters)) |
| 1442 | return -ENOMEM; | 1440 | return -ENOMEM; |
| 1443 | if (tmp.num_counters == 0) | 1441 | if (tmp.num_counters == 0) |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index c26ccd818e8f..4585aa78c4ca 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
| @@ -1706,8 +1706,6 @@ compat_do_replace(struct net *net, void __user *user, unsigned int len) | |||
| 1706 | return -EFAULT; | 1706 | return -EFAULT; |
| 1707 | 1707 | ||
| 1708 | /* overflow check */ | 1708 | /* overflow check */ |
| 1709 | if (tmp.size >= INT_MAX / num_possible_cpus()) | ||
| 1710 | return -ENOMEM; | ||
| 1711 | if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters)) | 1709 | if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters)) |
| 1712 | return -ENOMEM; | 1710 | return -ENOMEM; |
| 1713 | if (tmp.num_counters == 0) | 1711 | if (tmp.num_counters == 0) |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index f5a4eb2d5084..fd06251f504c 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
| @@ -1709,8 +1709,6 @@ compat_do_replace(struct net *net, void __user *user, unsigned int len) | |||
| 1709 | return -EFAULT; | 1709 | return -EFAULT; |
| 1710 | 1710 | ||
| 1711 | /* overflow check */ | 1711 | /* overflow check */ |
| 1712 | if (tmp.size >= INT_MAX / num_possible_cpus()) | ||
| 1713 | return -ENOMEM; | ||
| 1714 | if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters)) | 1712 | if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters)) |
| 1715 | return -ENOMEM; | 1713 | return -ENOMEM; |
| 1716 | if (tmp.num_counters == 0) | 1714 | if (tmp.num_counters == 0) |