author | Alexey Dobriyan <adobriyan@gmail.com> | 2010-02-08 14:17:43 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-02-08 14:17:43 -0500 |
commit | 14c7dbe043d01a83a30633ab6b109ba2ac61d9f7 (patch) | |
tree | 0358b6f285036f64c5f5cd6aac4bd2b0768fee8e | |
parent | 13ccdfc2af03e09e60791f7d4bc4ccf53398af7c (diff) |
netfilter: xtables: compat out of scope fix
As per C99 6.2.4(2) when temporary table data goes out of scope,
the behaviour is undefined:
if (compat) {
struct foo tmp;
...
private = &tmp;
}
[dereference private]
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 4 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 4 |
3 files changed, 6 insertions, 6 deletions
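--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -925,10 +925,10 @@ static int get_info(struct net *net, void __user *user, int *len, int compat)
 if (t && !IS_ERR(t)) {
 struct arpt_getinfo info;
 const struct xt_table_info *private = t->private;
-
 #ifdef CONFIG_COMPAT
+struct xt_table_info tmp;
+
 if (compat) {
-struct xt_table_info tmp;
 ret = compat_table_info(private, &tmp);
 xt_compat_flush_offsets(NFPROTO_ARP);
 private = &tmp;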
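Review bot: The hoisted `struct xt_table_info tmp;` carries no comment saying why it sits outside `if (compat)`, so a later cleanup could narrow its scope again and bring back the dangling `private = &tmp`; I would add `/* must outlive the if (compat) block: private may point at tmp */` above the declaration. The same applies to the identical hunks in net/ipv4/netfilter/ip_tables.c and net/ipv6/netfilter/ip6_tables.c. Separately, `ret` from `compat_table_info()` is not checked in the visible lines before `private` is redirected to `tmp`. get_info continues past the hunk, so whether a failure is handled later cannot be seen here and is worth confirming.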
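--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1132,10 +1132,10 @@ static int get_info(struct net *net, void __user *user, int *len, int compat)
 if (t && !IS_ERR(t)) {
 struct ipt_getinfo info;
 const struct xt_table_info *private = t->private;
-
 #ifdef CONFIG_COMPAT
+struct xt_table_info tmp;
+
 if (compat) {
-struct xt_table_info tmp;
 ret = compat_table_info(private, &tmp);
 xt_compat_flush_offsets(AF_INET);
 private = &tmp;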
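--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -1164,10 +1164,10 @@ static int get_info(struct net *net, void __user *user, int *len, int compat)
 if (t && !IS_ERR(t)) {
 struct ip6t_getinfo info;
 const struct xt_table_info *private = t->private;
-
 #ifdef CONFIG_COMPAT
+struct xt_table_info tmp;
+
 if (compat) {
-struct xt_table_info tmp;
 ret = compat_table_info(private, &tmp);
 xt_compat_flush_offsets(AF_INET6);
 private = &tmp;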