diff options
| author | Florian Westphal <fw@strlen.de> | 2016-04-01 08:17:36 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-04-13 18:30:41 -0400 |
| commit | aded9f3e9fa8db559c5b7661bbb497754270e754 (patch) | |
| tree | 36097eef011b102934ea3c1b750a43726b93ed7f | |
| parent | 95609155d7fa08cc2e71d494acad39f72f0b4495 (diff) | |
netfilter: x_tables: remove obsolete check
Since 'netfilter: x_tables: validate targets of jumps' change we
validate that the target aligns exactly with beginning of a rule,
so offset test is now redundant.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 8 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 7 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 7 |
3 files changed, 0 insertions, 22 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 668c5dcb3a5f..8cefb7a2606b 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
| @@ -461,14 +461,6 @@ static int mark_source_chains(const struct xt_table_info *newinfo, | |||
| 461 | if (strcmp(t->target.u.user.name, | 461 | if (strcmp(t->target.u.user.name, |
| 462 | XT_STANDARD_TARGET) == 0 && | 462 | XT_STANDARD_TARGET) == 0 && |
| 463 | newpos >= 0) { | 463 | newpos >= 0) { |
| 464 | if (newpos > newinfo->size - | ||
| 465 | sizeof(struct arpt_entry)) { | ||
| 466 | duprintf("mark_source_chains: " | ||
| 467 | "bad verdict (%i)\n", | ||
| 468 | newpos); | ||
| 469 | return 0; | ||
| 470 | } | ||
| 471 | |||
| 472 | /* This a jump; chase it. */ | 464 | /* This a jump; chase it. */ |
| 473 | duprintf("Jump rule %u -> %u\n", | 465 | duprintf("Jump rule %u -> %u\n", |
| 474 | pos, newpos); | 466 | pos, newpos); |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 4585aa78c4ca..9340ce0a7549 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
| @@ -542,13 +542,6 @@ mark_source_chains(const struct xt_table_info *newinfo, | |||
| 542 | if (strcmp(t->target.u.user.name, | 542 | if (strcmp(t->target.u.user.name, |
| 543 | XT_STANDARD_TARGET) == 0 && | 543 | XT_STANDARD_TARGET) == 0 && |
| 544 | newpos >= 0) { | 544 | newpos >= 0) { |
| 545 | if (newpos > newinfo->size - | ||
| 546 | sizeof(struct ipt_entry)) { | ||
| 547 | duprintf("mark_source_chains: " | ||
| 548 | "bad verdict (%i)\n", | ||
| 549 | newpos); | ||
| 550 | return 0; | ||
| 551 | } | ||
| 552 | /* This a jump; chase it. */ | 545 | /* This a jump; chase it. */ |
| 553 | duprintf("Jump rule %u -> %u\n", | 546 | duprintf("Jump rule %u -> %u\n", |
| 554 | pos, newpos); | 547 | pos, newpos); |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index fd06251f504c..aa010856a255 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
| @@ -554,13 +554,6 @@ mark_source_chains(const struct xt_table_info *newinfo, | |||
| 554 | if (strcmp(t->target.u.user.name, | 554 | if (strcmp(t->target.u.user.name, |
| 555 | XT_STANDARD_TARGET) == 0 && | 555 | XT_STANDARD_TARGET) == 0 && |
| 556 | newpos >= 0) { | 556 | newpos >= 0) { |
| 557 | if (newpos > newinfo->size - | ||
| 558 | sizeof(struct ip6t_entry)) { | ||
| 559 | duprintf("mark_source_chains: " | ||
| 560 | "bad verdict (%i)\n", | ||
| 561 | newpos); | ||
| 562 | return 0; | ||
| 563 | } | ||
| 564 | /* This a jump; chase it. */ | 557 | /* This a jump; chase it. */ |
| 565 | duprintf("Jump rule %u -> %u\n", | 558 | duprintf("Jump rule %u -> %u\n", |
| 566 | pos, newpos); | 559 | pos, newpos); |