[NET_SCHED]: Use nla_policy for attribute validation in actions

Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Patrick McHardy <kaber@trash.net> 2008-01-23 23:36:30 -0500
committer: David S. Miller <davem@davemloft.net> 2008-01-28 18:11:23 -0500
commit: 53b2bf3f8a652c9c8e86831f94ae2c5767ea54d7 (patch)
tree: eba61efed08a932766a32b0b6a60e766f8b44bcb /net/sched
parent: 6fa8c0144b770dac941cf2c15053b6e24f046c8a (diff)
7 files changed, 51 insertions, 33 deletions
diff --git a/net/sched/act_gact.c b/net/sched/act_gact.c
index df214d47fc92..422872c4f14b 100644
--- a/net/sched/act_gact.c
+++ b/net/sched/act_gact.c
@@ -53,6 +53,11 @@ typedef int (*g_rand)(struct tcf_gact *gact);
 static g_rand gact_rand[MAX_RAND]= { NULL, gact_net_rand, gact_determ };
 #endif /* CONFIG_GACT_PROB */
+static const struct nla_policy gact_policy[TCA_GACT_MAX + 1] = {
+        [TCA_GACT_PARMS]        = { .len = sizeof(struct tc_gact) },
+        [TCA_GACT_PROB]         = { .len = sizeof(struct tc_gact_p) },
+};
 static int tcf_gact_init(struct nlattr *nla, struct nlattr *est,
                         struct tc_action *a, int ovr, int bind)
 {
@@ -66,20 +71,16 @@ static int tcf_gact_init(struct nlattr *nla, struct nlattr *est,
        if (nla == NULL)
                return -EINVAL;
-        err = nla_parse_nested(tb, TCA_GACT_MAX, nla, NULL);
+        err = nla_parse_nested(tb, TCA_GACT_MAX, nla, gact_policy);
        if (err < 0)
                return err;
-        if (tb[TCA_GACT_PARMS] == NULL ||
+        if (tb[TCA_GACT_PARMS] == NULL)
-            nla_len(tb[TCA_GACT_PARMS]) < sizeof(*parm))
                return -EINVAL;
        parm = nla_data(tb[TCA_GACT_PARMS]);
+#ifndef CONFIG_GACT_PROB
        if (tb[TCA_GACT_PROB] != NULL)
-#ifdef CONFIG_GACT_PROB
-                if (nla_len(tb[TCA_GACT_PROB]) < sizeof(struct tc_gact_p))
-                        return -EINVAL;
-#else
                return -EOPNOTSUPP;
 #endif
diff --git a/net/sched/act_ipt.c b/net/sched/act_ipt.c
index 7ab2419b44ec..da696fd3e341 100644
--- a/net/sched/act_ipt.c
+++ b/net/sched/act_ipt.c
@@ -92,6 +92,13 @@ static int tcf_ipt_release(struct tcf_ipt *ipt, int bind)
        return ret;
 }
+static const struct nla_policy ipt_policy[TCA_IPT_MAX + 1] = {
+        [TCA_IPT_TABLE] = { .type = NLA_STRING, .len = IFNAMSIZ },
+        [TCA_IPT_HOOK]  = { .type = NLA_U32 },
+        [TCA_IPT_INDEX] = { .type = NLA_U32 },
+        [TCA_IPT_TARG]  = { .len = sizeof(struct ipt_entry_target) },
+};
 static int tcf_ipt_init(struct nlattr *nla, struct nlattr *est,
                        struct tc_action *a, int ovr, int bind)
 {
@@ -107,22 +114,20 @@ static int tcf_ipt_init(struct nlattr *nla, struct nlattr *est,
        if (nla == NULL)
                return -EINVAL;
-        err = nla_parse_nested(tb, TCA_IPT_MAX, nla, NULL);
+        err = nla_parse_nested(tb, TCA_IPT_MAX, nla, ipt_policy);
        if (err < 0)
                return err;
-        if (tb[TCA_IPT_HOOK] == NULL ||
+        if (tb[TCA_IPT_HOOK] == NULL)
-            nla_len(tb[TCA_IPT_HOOK]) < sizeof(u32))
                return -EINVAL;
-        if (tb[TCA_IPT_TARG] == NULL ||
+        if (tb[TCA_IPT_TARG] == NULL)
-            nla_len(tb[TCA_IPT_TARG]) < sizeof(*t))
                return -EINVAL;
        td = (struct ipt_entry_target *)nla_data(tb[TCA_IPT_TARG]);
        if (nla_len(tb[TCA_IPT_TARG]) < td->u.target_size)
                return -EINVAL;
-        if (tb[TCA_IPT_INDEX] != NULL &&
+        if (tb[TCA_IPT_INDEX] != NULL)
-            nla_len(tb[TCA_IPT_INDEX]) >= sizeof(u32))
                index = nla_get_u32(tb[TCA_IPT_INDEX]);
        pc = tcf_hash_check(index, a, bind, &ipt_hash_info);
diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c
index 6cb5e30dcf8c..1aff005d95cd 100644
--- a/net/sched/act_mirred.c
+++ b/net/sched/act_mirred.c
@@ -54,6 +54,10 @@ static inline int tcf_mirred_release(struct tcf_mirred *m, int bind)
        return 0;
 }
+static const struct nla_policy mirred_policy[TCA_MIRRED_MAX + 1] = {
+        [TCA_MIRRED_PARMS]      = { .len = sizeof(struct tc_mirred) },
+};
 static int tcf_mirred_init(struct nlattr *nla, struct nlattr *est,
                           struct tc_action *a, int ovr, int bind)
 {
@@ -68,12 +72,11 @@ static int tcf_mirred_init(struct nlattr *nla, struct nlattr *est,
        if (nla == NULL)
                return -EINVAL;
-        err = nla_parse_nested(tb, TCA_MIRRED_MAX, nla, NULL);
+        err = nla_parse_nested(tb, TCA_MIRRED_MAX, nla, mirred_policy);
        if (err < 0)
                return err;
-        if (tb[TCA_MIRRED_PARMS] == NULL ||
+        if (tb[TCA_MIRRED_PARMS] == NULL)
-            nla_len(tb[TCA_MIRRED_PARMS]) < sizeof(*parm))
                return -EINVAL;
        parm = nla_data(tb[TCA_MIRRED_PARMS]);
diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c
index 5a512d4dc37c..0a3c8339767a 100644
--- a/net/sched/act_nat.c
+++ b/net/sched/act_nat.c
@@ -40,6 +40,10 @@ static struct tcf_hashinfo nat_hash_info = {
        .lock   =       &nat_lock,
 };
+static const struct nla_policy nat_policy[TCA_NAT_MAX + 1] = {
+        [TCA_NAT_PARMS] = { .len = sizeof(struct tc_nat) },
+};
 static int tcf_nat_init(struct nlattr *nla, struct nlattr *est,
                        struct tc_action *a, int ovr, int bind)
 {
@@ -52,12 +56,11 @@ static int tcf_nat_init(struct nlattr *nla, struct nlattr *est,
        if (nla == NULL)
                return -EINVAL;
-        err = nla_parse_nested(tb, TCA_NAT_MAX, nla, NULL);
+        err = nla_parse_nested(tb, TCA_NAT_MAX, nla, nat_policy);
        if (err < 0)
                return err;
-        if (tb[TCA_NAT_PARMS] == NULL ||
+        if (tb[TCA_NAT_PARMS] == NULL)
-            nla_len(tb[TCA_NAT_PARMS]) < sizeof(*parm))
                return -EINVAL;
        parm = nla_data(tb[TCA_NAT_PARMS]);
diff --git a/net/sched/act_pedit.c b/net/sched/act_pedit.c
index 1b9ca45a78e5..3cc4cb9e500e 100644
--- a/net/sched/act_pedit.c
+++ b/net/sched/act_pedit.c
@@ -33,6 +33,10 @@ static struct tcf_hashinfo pedit_hash_info = {
        .lock   =       &pedit_lock,
 };
+static const struct nla_policy pedit_policy[TCA_PEDIT_MAX + 1] = {
+        [TCA_PEDIT_PARMS]       = { .len = sizeof(struct tcf_pedit) },
+};
 static int tcf_pedit_init(struct nlattr *nla, struct nlattr *est,
                          struct tc_action *a, int ovr, int bind)
 {
@@ -47,12 +51,11 @@ static int tcf_pedit_init(struct nlattr *nla, struct nlattr *est,
        if (nla == NULL)
                return -EINVAL;
-        err = nla_parse_nested(tb, TCA_PEDIT_MAX, nla, NULL);
+        err = nla_parse_nested(tb, TCA_PEDIT_MAX, nla, pedit_policy);
        if (err < 0)
                return err;
-        if (tb[TCA_PEDIT_PARMS] == NULL ||
+        if (tb[TCA_PEDIT_PARMS] == NULL)
-            nla_len(tb[TCA_PEDIT_PARMS]) < sizeof(*parm))
                return -EINVAL;
        parm = nla_data(tb[TCA_PEDIT_PARMS]);
        ksize = parm->nkeys * sizeof(struct tc_pedit_key);
diff --git a/net/sched/act_police.c b/net/sched/act_police.c
index 62de806af3af..0898120bbcc0 100644
--- a/net/sched/act_police.c
+++ b/net/sched/act_police.c
@@ -119,6 +119,13 @@ static void tcf_police_destroy(struct tcf_police *p)
        BUG_TRAP(0);
 }
+static const struct nla_policy police_policy[TCA_POLICE_MAX + 1] = {
+        [TCA_POLICE_RATE]       = { .len = TC_RTAB_SIZE },
+        [TCA_POLICE_PEAKRATE]   = { .len = TC_RTAB_SIZE },
+        [TCA_POLICE_AVRATE]     = { .type = NLA_U32 },
+        [TCA_POLICE_RESULT]     = { .type = NLA_U32 },
+};
 static int tcf_act_police_locate(struct nlattr *nla, struct nlattr *est,
                                 struct tc_action *a, int ovr, int bind)
 {
@@ -133,7 +140,7 @@ static int tcf_act_police_locate(struct nlattr *nla, struct nlattr *est,
        if (nla == NULL)
                return -EINVAL;
-        err = nla_parse_nested(tb, TCA_POLICE_MAX, nla, NULL);
+        err = nla_parse_nested(tb, TCA_POLICE_MAX, nla, police_policy);
        if (err < 0)
                return err;
@@ -144,13 +151,6 @@ static int tcf_act_police_locate(struct nlattr *nla, struct nlattr *est,
                return -EINVAL;
        parm = nla_data(tb[TCA_POLICE_TBF]);
-        if (tb[TCA_POLICE_RESULT] != NULL &&
-            nla_len(tb[TCA_POLICE_RESULT]) != sizeof(u32))
-                return -EINVAL;
-        if (tb[TCA_POLICE_RESULT] != NULL &&
-            nla_len(tb[TCA_POLICE_RESULT]) != sizeof(u32))
-                return -EINVAL;
        if (parm->index) {
                struct tcf_common *pc;
diff --git a/net/sched/act_simple.c b/net/sched/act_simple.c
index cedaadf18eb2..fbde461b716c 100644
--- a/net/sched/act_simple.c
+++ b/net/sched/act_simple.c
@@ -84,6 +84,10 @@ static int realloc_defdata(struct tcf_defact *d, u32 datalen, void *defdata)
        return alloc_defdata(d, datalen, defdata);
 }
+static const struct nla_policy simple_policy[TCA_DEF_MAX + 1] = {
+        [TCA_DEF_PARMS] = { .len = sizeof(struct tc_defact) },
+};
 static int tcf_simp_init(struct nlattr *nla, struct nlattr *est,
                         struct tc_action *a, int ovr, int bind)
 {
@@ -102,8 +106,7 @@ static int tcf_simp_init(struct nlattr *nla, struct nlattr *est,
        if (err < 0)
                return err;
-        if (tb[TCA_DEF_PARMS] == NULL ||
+        if (tb[TCA_DEF_PARMS] == NULL)
-            nla_len(tb[TCA_DEF_PARMS]) < sizeof(*parm))
                return -EINVAL;
        parm = nla_data(tb[TCA_DEF_PARMS]);
author	Patrick McHardy <kaber@trash.net>	2008-01-23 23:36:30 -0500
committer	David S. Miller <davem@davemloft.net>	2008-01-28 18:11:23 -0500
commit	53b2bf3f8a652c9c8e86831f94ae2c5767ea54d7 (patch)
tree	eba61efed08a932766a32b0b6a60e766f8b44bcb /net/sched
parent	6fa8c0144b770dac941cf2c15053b6e24f046c8a (diff)