aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2008-10-08 05:35:13 -0400
committerPatrick McHardy <kaber@trash.net>2008-10-08 05:35:13 -0400
commit18219d3f7d6a5bc43825a41e0763158efbdb80d3 (patch)
treeaca133d934ec93fc441d5a26937b2428d23573bd /net
parentd2f26037a38ada4a5d40d1cf0b32bc5289f50312 (diff)
netfilter: ebtables: do centralized size checking
Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
-rw-r--r--net/bridge/netfilter/ebt_802_3.c7
-rw-r--r--net/bridge/netfilter/ebt_among.c1
-rw-r--r--net/bridge/netfilter/ebt_arp.c9
-rw-r--r--net/bridge/netfilter/ebt_arpreply.c9
-rw-r--r--net/bridge/netfilter/ebt_dnat.c9
-rw-r--r--net/bridge/netfilter/ebt_ip.c9
-rw-r--r--net/bridge/netfilter/ebt_ip6.c9
-rw-r--r--net/bridge/netfilter/ebt_limit.c11
-rw-r--r--net/bridge/netfilter/ebt_log.c11
-rw-r--r--net/bridge/netfilter/ebt_mark.c6
-rw-r--r--net/bridge/netfilter/ebt_mark_m.c7
-rw-r--r--net/bridge/netfilter/ebt_nflog.c4
-rw-r--r--net/bridge/netfilter/ebt_pkttype.c7
-rw-r--r--net/bridge/netfilter/ebt_redirect.c11
-rw-r--r--net/bridge/netfilter/ebt_snat.c11
-rw-r--r--net/bridge/netfilter/ebt_stp.c10
-rw-r--r--net/bridge/netfilter/ebt_ulog.c5
-rw-r--r--net/bridge/netfilter/ebt_vlan.c10
-rw-r--r--net/bridge/netfilter/ebtables.c43
19 files changed, 101 insertions, 88 deletions
diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c
index 98534025360f..ccecfbd2a25d 100644
--- a/net/bridge/netfilter/ebt_802_3.c
+++ b/net/bridge/netfilter/ebt_802_3.c
@@ -7,10 +7,10 @@
7 * May 2003 7 * May 2003
8 * 8 *
9 */ 9 */
10 10#include <linux/module.h>
11#include <linux/netfilter/x_tables.h>
11#include <linux/netfilter_bridge/ebtables.h> 12#include <linux/netfilter_bridge/ebtables.h>
12#include <linux/netfilter_bridge/ebt_802_3.h> 13#include <linux/netfilter_bridge/ebt_802_3.h>
13#include <linux/module.h>
14 14
15static int ebt_filter_802_3(const struct sk_buff *skb, const struct net_device *in, 15static int ebt_filter_802_3(const struct sk_buff *skb, const struct net_device *in,
16 const struct net_device *out, const void *data, unsigned int datalen) 16 const struct net_device *out, const void *data, unsigned int datalen)
@@ -42,8 +42,6 @@ static int ebt_802_3_check(const char *tablename, unsigned int hookmask,
42{ 42{
43 const struct ebt_802_3_info *info = data; 43 const struct ebt_802_3_info *info = data;
44 44
45 if (datalen < sizeof(struct ebt_802_3_info))
46 return -EINVAL;
47 if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK) 45 if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK)
48 return -EINVAL; 46 return -EINVAL;
49 47
@@ -54,6 +52,7 @@ static struct ebt_match filter_802_3 __read_mostly = {
54 .name = EBT_802_3_MATCH, 52 .name = EBT_802_3_MATCH,
55 .match = ebt_filter_802_3, 53 .match = ebt_filter_802_3,
56 .check = ebt_802_3_check, 54 .check = ebt_802_3_check,
55 .matchsize = XT_ALIGN(sizeof(struct ebt_802_3_info)),
57 .me = THIS_MODULE, 56 .me = THIS_MODULE,
58}; 57};
59 58
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c
index 70b6dca5ea75..b0acb13a390c 100644
--- a/net/bridge/netfilter/ebt_among.c
+++ b/net/bridge/netfilter/ebt_among.c
@@ -216,6 +216,7 @@ static struct ebt_match filter_among __read_mostly = {
216 .name = EBT_AMONG_MATCH, 216 .name = EBT_AMONG_MATCH,
217 .match = ebt_filter_among, 217 .match = ebt_filter_among,
218 .check = ebt_among_check, 218 .check = ebt_among_check,
219 .matchsize = -1, /* special case */
219 .me = THIS_MODULE, 220 .me = THIS_MODULE,
220}; 221};
221 222
diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c
index 7c535be75665..385f9cb85bce 100644
--- a/net/bridge/netfilter/ebt_arp.c
+++ b/net/bridge/netfilter/ebt_arp.c
@@ -8,12 +8,12 @@
8 * April, 2002 8 * April, 2002
9 * 9 *
10 */ 10 */
11
12#include <linux/netfilter_bridge/ebtables.h>
13#include <linux/netfilter_bridge/ebt_arp.h>
14#include <linux/if_arp.h> 11#include <linux/if_arp.h>
15#include <linux/if_ether.h> 12#include <linux/if_ether.h>
16#include <linux/module.h> 13#include <linux/module.h>
14#include <linux/netfilter/x_tables.h>
15#include <linux/netfilter_bridge/ebtables.h>
16#include <linux/netfilter_bridge/ebt_arp.h>
17 17
18static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in, 18static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in,
19 const struct net_device *out, const void *data, unsigned int datalen) 19 const struct net_device *out, const void *data, unsigned int datalen)
@@ -105,8 +105,6 @@ static int ebt_arp_check(const char *tablename, unsigned int hookmask,
105{ 105{
106 const struct ebt_arp_info *info = data; 106 const struct ebt_arp_info *info = data;
107 107
108 if (datalen != EBT_ALIGN(sizeof(struct ebt_arp_info)))
109 return -EINVAL;
110 if ((e->ethproto != htons(ETH_P_ARP) && 108 if ((e->ethproto != htons(ETH_P_ARP) &&
111 e->ethproto != htons(ETH_P_RARP)) || 109 e->ethproto != htons(ETH_P_RARP)) ||
112 e->invflags & EBT_IPROTO) 110 e->invflags & EBT_IPROTO)
@@ -120,6 +118,7 @@ static struct ebt_match filter_arp __read_mostly = {
120 .name = EBT_ARP_MATCH, 118 .name = EBT_ARP_MATCH,
121 .match = ebt_filter_arp, 119 .match = ebt_filter_arp,
122 .check = ebt_arp_check, 120 .check = ebt_arp_check,
121 .matchsize = XT_ALIGN(sizeof(struct ebt_arp_info)),
123 .me = THIS_MODULE, 122 .me = THIS_MODULE,
124}; 123};
125 124
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c
index 0c4279590fc7..a860ea6da46a 100644
--- a/net/bridge/netfilter/ebt_arpreply.c
+++ b/net/bridge/netfilter/ebt_arpreply.c
@@ -8,12 +8,12 @@
8 * August, 2003 8 * August, 2003
9 * 9 *
10 */ 10 */
11
12#include <linux/netfilter_bridge/ebtables.h>
13#include <linux/netfilter_bridge/ebt_arpreply.h>
14#include <linux/if_arp.h> 11#include <linux/if_arp.h>
15#include <net/arp.h> 12#include <net/arp.h>
16#include <linux/module.h> 13#include <linux/module.h>
14#include <linux/netfilter/x_tables.h>
15#include <linux/netfilter_bridge/ebtables.h>
16#include <linux/netfilter_bridge/ebt_arpreply.h>
17 17
18static int ebt_target_reply(struct sk_buff *skb, unsigned int hooknr, 18static int ebt_target_reply(struct sk_buff *skb, unsigned int hooknr,
19 const struct net_device *in, const struct net_device *out, 19 const struct net_device *in, const struct net_device *out,
@@ -63,8 +63,6 @@ static int ebt_target_reply_check(const char *tablename, unsigned int hookmask,
63{ 63{
64 const struct ebt_arpreply_info *info = data; 64 const struct ebt_arpreply_info *info = data;
65 65
66 if (datalen != EBT_ALIGN(sizeof(struct ebt_arpreply_info)))
67 return -EINVAL;
68 if (BASE_CHAIN && info->target == EBT_RETURN) 66 if (BASE_CHAIN && info->target == EBT_RETURN)
69 return -EINVAL; 67 return -EINVAL;
70 if (e->ethproto != htons(ETH_P_ARP) || 68 if (e->ethproto != htons(ETH_P_ARP) ||
@@ -80,6 +78,7 @@ static struct ebt_target reply_target __read_mostly = {
80 .name = EBT_ARPREPLY_TARGET, 78 .name = EBT_ARPREPLY_TARGET,
81 .target = ebt_target_reply, 79 .target = ebt_target_reply,
82 .check = ebt_target_reply_check, 80 .check = ebt_target_reply_check,
81 .targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)),
83 .me = THIS_MODULE, 82 .me = THIS_MODULE,
84}; 83};
85 84
diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c
index ca64c1cc1b47..c2be41e8bb99 100644
--- a/net/bridge/netfilter/ebt_dnat.c
+++ b/net/bridge/netfilter/ebt_dnat.c
@@ -7,12 +7,12 @@
7 * June, 2002 7 * June, 2002
8 * 8 *
9 */ 9 */
10 10#include <linux/module.h>
11#include <net/sock.h>
11#include <linux/netfilter.h> 12#include <linux/netfilter.h>
13#include <linux/netfilter/x_tables.h>
12#include <linux/netfilter_bridge/ebtables.h> 14#include <linux/netfilter_bridge/ebtables.h>
13#include <linux/netfilter_bridge/ebt_nat.h> 15#include <linux/netfilter_bridge/ebt_nat.h>
14#include <linux/module.h>
15#include <net/sock.h>
16 16
17static int ebt_target_dnat(struct sk_buff *skb, unsigned int hooknr, 17static int ebt_target_dnat(struct sk_buff *skb, unsigned int hooknr,
18 const struct net_device *in, const struct net_device *out, 18 const struct net_device *in, const struct net_device *out,
@@ -39,8 +39,6 @@ static int ebt_target_dnat_check(const char *tablename, unsigned int hookmask,
39 (hookmask & ~((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT)))) && 39 (hookmask & ~((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT)))) &&
40 (strcmp(tablename, "broute") || hookmask & ~(1 << NF_BR_BROUTING)) ) 40 (strcmp(tablename, "broute") || hookmask & ~(1 << NF_BR_BROUTING)) )
41 return -EINVAL; 41 return -EINVAL;
42 if (datalen != EBT_ALIGN(sizeof(struct ebt_nat_info)))
43 return -EINVAL;
44 if (INVALID_TARGET) 42 if (INVALID_TARGET)
45 return -EINVAL; 43 return -EINVAL;
46 return 0; 44 return 0;
@@ -50,6 +48,7 @@ static struct ebt_target dnat __read_mostly = {
50 .name = EBT_DNAT_TARGET, 48 .name = EBT_DNAT_TARGET,
51 .target = ebt_target_dnat, 49 .target = ebt_target_dnat,
52 .check = ebt_target_dnat_check, 50 .check = ebt_target_dnat_check,
51 .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
53 .me = THIS_MODULE, 52 .me = THIS_MODULE,
54}; 53};
55 54
diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c
index 65caa00dcf2a..c1ae2547e3d0 100644
--- a/net/bridge/netfilter/ebt_ip.c
+++ b/net/bridge/netfilter/ebt_ip.c
@@ -11,13 +11,13 @@
11 * Innominate Security Technologies AG <mhopf@innominate.com> 11 * Innominate Security Technologies AG <mhopf@innominate.com>
12 * September, 2002 12 * September, 2002
13 */ 13 */
14
15#include <linux/netfilter_bridge/ebtables.h>
16#include <linux/netfilter_bridge/ebt_ip.h>
17#include <linux/ip.h> 14#include <linux/ip.h>
18#include <net/ip.h> 15#include <net/ip.h>
19#include <linux/in.h> 16#include <linux/in.h>
20#include <linux/module.h> 17#include <linux/module.h>
18#include <linux/netfilter/x_tables.h>
19#include <linux/netfilter_bridge/ebtables.h>
20#include <linux/netfilter_bridge/ebt_ip.h>
21 21
22struct tcpudphdr { 22struct tcpudphdr {
23 __be16 src; 23 __be16 src;
@@ -83,8 +83,6 @@ static int ebt_ip_check(const char *tablename, unsigned int hookmask,
83{ 83{
84 const struct ebt_ip_info *info = data; 84 const struct ebt_ip_info *info = data;
85 85
86 if (datalen != EBT_ALIGN(sizeof(struct ebt_ip_info)))
87 return -EINVAL;
88 if (e->ethproto != htons(ETH_P_IP) || 86 if (e->ethproto != htons(ETH_P_IP) ||
89 e->invflags & EBT_IPROTO) 87 e->invflags & EBT_IPROTO)
90 return -EINVAL; 88 return -EINVAL;
@@ -111,6 +109,7 @@ static struct ebt_match filter_ip __read_mostly = {
111 .name = EBT_IP_MATCH, 109 .name = EBT_IP_MATCH,
112 .match = ebt_filter_ip, 110 .match = ebt_filter_ip,
113 .check = ebt_ip_check, 111 .check = ebt_ip_check,
112 .matchsize = XT_ALIGN(sizeof(struct ebt_ip_info)),
114 .me = THIS_MODULE, 113 .me = THIS_MODULE,
115}; 114};
116 115
diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c
index 36efb3a75249..554dd68637c8 100644
--- a/net/bridge/netfilter/ebt_ip6.c
+++ b/net/bridge/netfilter/ebt_ip6.c
@@ -13,14 +13,14 @@
13 * 13 *
14 * Jan, 2008 14 * Jan, 2008
15 */ 15 */
16
17#include <linux/netfilter_bridge/ebtables.h>
18#include <linux/netfilter_bridge/ebt_ip6.h>
19#include <linux/ipv6.h> 16#include <linux/ipv6.h>
20#include <net/ipv6.h> 17#include <net/ipv6.h>
21#include <linux/in.h> 18#include <linux/in.h>
22#include <linux/module.h> 19#include <linux/module.h>
23#include <net/dsfield.h> 20#include <net/dsfield.h>
21#include <linux/netfilter/x_tables.h>
22#include <linux/netfilter_bridge/ebtables.h>
23#include <linux/netfilter_bridge/ebt_ip6.h>
24 24
25struct tcpudphdr { 25struct tcpudphdr {
26 __be16 src; 26 __be16 src;
@@ -97,8 +97,6 @@ static int ebt_ip6_check(const char *tablename, unsigned int hookmask,
97{ 97{
98 struct ebt_ip6_info *info = (struct ebt_ip6_info *)data; 98 struct ebt_ip6_info *info = (struct ebt_ip6_info *)data;
99 99
100 if (datalen != EBT_ALIGN(sizeof(struct ebt_ip6_info)))
101 return -EINVAL;
102 if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO) 100 if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO)
103 return -EINVAL; 101 return -EINVAL;
104 if (info->bitmask & ~EBT_IP6_MASK || info->invflags & ~EBT_IP6_MASK) 102 if (info->bitmask & ~EBT_IP6_MASK || info->invflags & ~EBT_IP6_MASK)
@@ -125,6 +123,7 @@ static struct ebt_match filter_ip6 =
125 .name = EBT_IP6_MATCH, 123 .name = EBT_IP6_MATCH,
126 .match = ebt_filter_ip6, 124 .match = ebt_filter_ip6,
127 .check = ebt_ip6_check, 125 .check = ebt_ip6_check,
126 .matchsize = XT_ALIGN(sizeof(struct ebt_ip6_info)),
128 .me = THIS_MODULE, 127 .me = THIS_MODULE,
129}; 128};
130 129
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c
index 8cbdc01c253e..3d71f3510ffa 100644
--- a/net/bridge/netfilter/ebt_limit.c
+++ b/net/bridge/netfilter/ebt_limit.c
@@ -10,13 +10,12 @@
10 * September, 2003 10 * September, 2003
11 * 11 *
12 */ 12 */
13
14#include <linux/netfilter_bridge/ebtables.h>
15#include <linux/netfilter_bridge/ebt_limit.h>
16#include <linux/module.h> 13#include <linux/module.h>
17
18#include <linux/netdevice.h> 14#include <linux/netdevice.h>
19#include <linux/spinlock.h> 15#include <linux/spinlock.h>
16#include <linux/netfilter/x_tables.h>
17#include <linux/netfilter_bridge/ebtables.h>
18#include <linux/netfilter_bridge/ebt_limit.h>
20 19
21static DEFINE_SPINLOCK(limit_lock); 20static DEFINE_SPINLOCK(limit_lock);
22 21
@@ -71,9 +70,6 @@ static int ebt_limit_check(const char *tablename, unsigned int hookmask,
71{ 70{
72 struct ebt_limit_info *info = data; 71 struct ebt_limit_info *info = data;
73 72
74 if (datalen != EBT_ALIGN(sizeof(struct ebt_limit_info)))
75 return -EINVAL;
76
77 /* Check for overflow. */ 73 /* Check for overflow. */
78 if (info->burst == 0 || 74 if (info->burst == 0 ||
79 user2credits(info->avg * info->burst) < user2credits(info->avg)) { 75 user2credits(info->avg * info->burst) < user2credits(info->avg)) {
@@ -94,6 +90,7 @@ static struct ebt_match ebt_limit_reg __read_mostly = {
94 .name = EBT_LIMIT_MATCH, 90 .name = EBT_LIMIT_MATCH,
95 .match = ebt_limit_match, 91 .match = ebt_limit_match,
96 .check = ebt_limit_check, 92 .check = ebt_limit_check,
93 .matchsize = XT_ALIGN(sizeof(struct ebt_limit_info)),
97 .me = THIS_MODULE, 94 .me = THIS_MODULE,
98}; 95};
99 96
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
index 8b17c64bcd75..d9596f114a37 100644
--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -8,10 +8,6 @@
8 * April, 2002 8 * April, 2002
9 * 9 *
10 */ 10 */
11
12#include <linux/netfilter_bridge/ebtables.h>
13#include <linux/netfilter_bridge/ebt_log.h>
14#include <linux/netfilter.h>
15#include <linux/module.h> 11#include <linux/module.h>
16#include <linux/ip.h> 12#include <linux/ip.h>
17#include <linux/in.h> 13#include <linux/in.h>
@@ -21,6 +17,10 @@
21#include <linux/ipv6.h> 17#include <linux/ipv6.h>
22#include <net/ipv6.h> 18#include <net/ipv6.h>
23#include <linux/in6.h> 19#include <linux/in6.h>
20#include <linux/netfilter/x_tables.h>
21#include <linux/netfilter_bridge/ebtables.h>
22#include <linux/netfilter_bridge/ebt_log.h>
23#include <linux/netfilter.h>
24 24
25static DEFINE_SPINLOCK(ebt_log_lock); 25static DEFINE_SPINLOCK(ebt_log_lock);
26 26
@@ -29,8 +29,6 @@ static int ebt_log_check(const char *tablename, unsigned int hookmask,
29{ 29{
30 struct ebt_log_info *info = data; 30 struct ebt_log_info *info = data;
31 31
32 if (datalen != EBT_ALIGN(sizeof(struct ebt_log_info)))
33 return -EINVAL;
34 if (info->bitmask & ~EBT_LOG_MASK) 32 if (info->bitmask & ~EBT_LOG_MASK)
35 return -EINVAL; 33 return -EINVAL;
36 if (info->loglevel >= 8) 34 if (info->loglevel >= 8)
@@ -218,6 +216,7 @@ static struct ebt_watcher log =
218 .name = EBT_LOG_WATCHER, 216 .name = EBT_LOG_WATCHER,
219 .watcher = ebt_log, 217 .watcher = ebt_log,
220 .check = ebt_log_check, 218 .check = ebt_log_check,
219 .targetsize = XT_ALIGN(sizeof(struct ebt_log_info)),
221 .me = THIS_MODULE, 220 .me = THIS_MODULE,
222}; 221};
223 222
diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c
index 36723f47db0a..bb02412786c8 100644
--- a/net/bridge/netfilter/ebt_mark.c
+++ b/net/bridge/netfilter/ebt_mark.c
@@ -13,9 +13,10 @@
13 * Marking a frame doesn't really change anything in the frame anyway. 13 * Marking a frame doesn't really change anything in the frame anyway.
14 */ 14 */
15 15
16#include <linux/module.h>
17#include <linux/netfilter/x_tables.h>
16#include <linux/netfilter_bridge/ebtables.h> 18#include <linux/netfilter_bridge/ebtables.h>
17#include <linux/netfilter_bridge/ebt_mark_t.h> 19#include <linux/netfilter_bridge/ebt_mark_t.h>
18#include <linux/module.h>
19 20
20static int ebt_target_mark(struct sk_buff *skb, unsigned int hooknr, 21static int ebt_target_mark(struct sk_buff *skb, unsigned int hooknr,
21 const struct net_device *in, const struct net_device *out, 22 const struct net_device *in, const struct net_device *out,
@@ -42,8 +43,6 @@ static int ebt_target_mark_check(const char *tablename, unsigned int hookmask,
42 const struct ebt_mark_t_info *info = data; 43 const struct ebt_mark_t_info *info = data;
43 int tmp; 44 int tmp;
44 45
45 if (datalen != EBT_ALIGN(sizeof(struct ebt_mark_t_info)))
46 return -EINVAL;
47 tmp = info->target | ~EBT_VERDICT_BITS; 46 tmp = info->target | ~EBT_VERDICT_BITS;
48 if (BASE_CHAIN && tmp == EBT_RETURN) 47 if (BASE_CHAIN && tmp == EBT_RETURN)
49 return -EINVAL; 48 return -EINVAL;
@@ -61,6 +60,7 @@ static struct ebt_target mark_target __read_mostly = {
61 .name = EBT_MARK_TARGET, 60 .name = EBT_MARK_TARGET,
62 .target = ebt_target_mark, 61 .target = ebt_target_mark,
63 .check = ebt_target_mark_check, 62 .check = ebt_target_mark_check,
63 .targetsize = XT_ALIGN(sizeof(struct ebt_mark_t_info)),
64 .me = THIS_MODULE, 64 .me = THIS_MODULE,
65}; 65};
66 66
diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c
index 9b0a4543861f..b8ce9eb71709 100644
--- a/net/bridge/netfilter/ebt_mark_m.c
+++ b/net/bridge/netfilter/ebt_mark_m.c
@@ -7,10 +7,10 @@
7 * July, 2002 7 * July, 2002
8 * 8 *
9 */ 9 */
10 10#include <linux/module.h>
11#include <linux/netfilter/x_tables.h>
11#include <linux/netfilter_bridge/ebtables.h> 12#include <linux/netfilter_bridge/ebtables.h>
12#include <linux/netfilter_bridge/ebt_mark_m.h> 13#include <linux/netfilter_bridge/ebt_mark_m.h>
13#include <linux/module.h>
14 14
15static int ebt_filter_mark(const struct sk_buff *skb, 15static int ebt_filter_mark(const struct sk_buff *skb,
16 const struct net_device *in, const struct net_device *out, const void *data, 16 const struct net_device *in, const struct net_device *out, const void *data,
@@ -28,8 +28,6 @@ static int ebt_mark_check(const char *tablename, unsigned int hookmask,
28{ 28{
29 const struct ebt_mark_m_info *info = data; 29 const struct ebt_mark_m_info *info = data;
30 30
31 if (datalen != EBT_ALIGN(sizeof(struct ebt_mark_m_info)))
32 return -EINVAL;
33 if (info->bitmask & ~EBT_MARK_MASK) 31 if (info->bitmask & ~EBT_MARK_MASK)
34 return -EINVAL; 32 return -EINVAL;
35 if ((info->bitmask & EBT_MARK_OR) && (info->bitmask & EBT_MARK_AND)) 33 if ((info->bitmask & EBT_MARK_OR) && (info->bitmask & EBT_MARK_AND))
@@ -43,6 +41,7 @@ static struct ebt_match filter_mark __read_mostly = {
43 .name = EBT_MARK_MATCH, 41 .name = EBT_MARK_MATCH,
44 .match = ebt_filter_mark, 42 .match = ebt_filter_mark,
45 .check = ebt_mark_check, 43 .check = ebt_mark_check,
44 .matchsize = XT_ALIGN(sizeof(struct ebt_mark_m_info)),
46 .me = THIS_MODULE, 45 .me = THIS_MODULE,
47}; 46};
48 47
diff --git a/net/bridge/netfilter/ebt_nflog.c b/net/bridge/netfilter/ebt_nflog.c
index 8e799aa9e560..88ceb5eb8496 100644
--- a/net/bridge/netfilter/ebt_nflog.c
+++ b/net/bridge/netfilter/ebt_nflog.c
@@ -14,6 +14,7 @@
14 14
15#include <linux/module.h> 15#include <linux/module.h>
16#include <linux/spinlock.h> 16#include <linux/spinlock.h>
17#include <linux/netfilter/x_tables.h>
17#include <linux/netfilter_bridge/ebtables.h> 18#include <linux/netfilter_bridge/ebtables.h>
18#include <linux/netfilter_bridge/ebt_nflog.h> 19#include <linux/netfilter_bridge/ebt_nflog.h>
19#include <net/netfilter/nf_log.h> 20#include <net/netfilter/nf_log.h>
@@ -42,8 +43,6 @@ static int ebt_nflog_check(const char *tablename,
42{ 43{
43 struct ebt_nflog_info *info = (struct ebt_nflog_info *)data; 44 struct ebt_nflog_info *info = (struct ebt_nflog_info *)data;
44 45
45 if (datalen != EBT_ALIGN(sizeof(struct ebt_nflog_info)))
46 return -EINVAL;
47 if (info->flags & ~EBT_NFLOG_MASK) 46 if (info->flags & ~EBT_NFLOG_MASK)
48 return -EINVAL; 47 return -EINVAL;
49 info->prefix[EBT_NFLOG_PREFIX_SIZE - 1] = '\0'; 48 info->prefix[EBT_NFLOG_PREFIX_SIZE - 1] = '\0';
@@ -54,6 +53,7 @@ static struct ebt_watcher nflog __read_mostly = {
54 .name = EBT_NFLOG_WATCHER, 53 .name = EBT_NFLOG_WATCHER,
55 .watcher = ebt_nflog, 54 .watcher = ebt_nflog,
56 .check = ebt_nflog_check, 55 .check = ebt_nflog_check,
56 .targetsize = XT_ALIGN(sizeof(struct ebt_nflog_info)),
57 .me = THIS_MODULE, 57 .me = THIS_MODULE,
58}; 58};
59 59
diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c
index 676db32df3d1..019026177f8b 100644
--- a/net/bridge/netfilter/ebt_pkttype.c
+++ b/net/bridge/netfilter/ebt_pkttype.c
@@ -7,10 +7,10 @@
7 * April, 2003 7 * April, 2003
8 * 8 *
9 */ 9 */
10 10#include <linux/module.h>
11#include <linux/netfilter/x_tables.h>
11#include <linux/netfilter_bridge/ebtables.h> 12#include <linux/netfilter_bridge/ebtables.h>
12#include <linux/netfilter_bridge/ebt_pkttype.h> 13#include <linux/netfilter_bridge/ebt_pkttype.h>
13#include <linux/module.h>
14 14
15static int ebt_filter_pkttype(const struct sk_buff *skb, 15static int ebt_filter_pkttype(const struct sk_buff *skb,
16 const struct net_device *in, 16 const struct net_device *in,
@@ -28,8 +28,6 @@ static int ebt_pkttype_check(const char *tablename, unsigned int hookmask,
28{ 28{
29 const struct ebt_pkttype_info *info = data; 29 const struct ebt_pkttype_info *info = data;
30 30
31 if (datalen != EBT_ALIGN(sizeof(struct ebt_pkttype_info)))
32 return -EINVAL;
33 if (info->invert != 0 && info->invert != 1) 31 if (info->invert != 0 && info->invert != 1)
34 return -EINVAL; 32 return -EINVAL;
35 /* Allow any pkt_type value */ 33 /* Allow any pkt_type value */
@@ -40,6 +38,7 @@ static struct ebt_match filter_pkttype __read_mostly = {
40 .name = EBT_PKTTYPE_MATCH, 38 .name = EBT_PKTTYPE_MATCH,
41 .match = ebt_filter_pkttype, 39 .match = ebt_filter_pkttype,
42 .check = ebt_pkttype_check, 40 .check = ebt_pkttype_check,
41 .matchsize = XT_ALIGN(sizeof(struct ebt_pkttype_info)),
43 .me = THIS_MODULE, 42 .me = THIS_MODULE,
44}; 43};
45 44
diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c
index b8afe850cf1e..040532683862 100644
--- a/net/bridge/netfilter/ebt_redirect.c
+++ b/net/bridge/netfilter/ebt_redirect.c
@@ -7,13 +7,13 @@
7 * April, 2002 7 * April, 2002
8 * 8 *
9 */ 9 */
10
11#include <linux/netfilter.h>
12#include <linux/netfilter_bridge/ebtables.h>
13#include <linux/netfilter_bridge/ebt_redirect.h>
14#include <linux/module.h> 10#include <linux/module.h>
15#include <net/sock.h> 11#include <net/sock.h>
16#include "../br_private.h" 12#include "../br_private.h"
13#include <linux/netfilter.h>
14#include <linux/netfilter/x_tables.h>
15#include <linux/netfilter_bridge/ebtables.h>
16#include <linux/netfilter_bridge/ebt_redirect.h>
17 17
18static int ebt_target_redirect(struct sk_buff *skb, unsigned int hooknr, 18static int ebt_target_redirect(struct sk_buff *skb, unsigned int hooknr,
19 const struct net_device *in, const struct net_device *out, 19 const struct net_device *in, const struct net_device *out,
@@ -38,8 +38,6 @@ static int ebt_target_redirect_check(const char *tablename, unsigned int hookmas
38{ 38{
39 const struct ebt_redirect_info *info = data; 39 const struct ebt_redirect_info *info = data;
40 40
41 if (datalen != EBT_ALIGN(sizeof(struct ebt_redirect_info)))
42 return -EINVAL;
43 if (BASE_CHAIN && info->target == EBT_RETURN) 41 if (BASE_CHAIN && info->target == EBT_RETURN)
44 return -EINVAL; 42 return -EINVAL;
45 CLEAR_BASE_CHAIN_BIT; 43 CLEAR_BASE_CHAIN_BIT;
@@ -55,6 +53,7 @@ static struct ebt_target redirect_target __read_mostly = {
55 .name = EBT_REDIRECT_TARGET, 53 .name = EBT_REDIRECT_TARGET,
56 .target = ebt_target_redirect, 54 .target = ebt_target_redirect,
57 .check = ebt_target_redirect_check, 55 .check = ebt_target_redirect_check,
56 .targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)),
58 .me = THIS_MODULE, 57 .me = THIS_MODULE,
59}; 58};
60 59
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c
index 5425333dda03..abfbc6c95024 100644
--- a/net/bridge/netfilter/ebt_snat.c
+++ b/net/bridge/netfilter/ebt_snat.c
@@ -7,14 +7,14 @@
7 * June, 2002 7 * June, 2002
8 * 8 *
9 */ 9 */
10
11#include <linux/netfilter.h>
12#include <linux/netfilter_bridge/ebtables.h>
13#include <linux/netfilter_bridge/ebt_nat.h>
14#include <linux/module.h> 10#include <linux/module.h>
15#include <net/sock.h> 11#include <net/sock.h>
16#include <linux/if_arp.h> 12#include <linux/if_arp.h>
17#include <net/arp.h> 13#include <net/arp.h>
14#include <linux/netfilter.h>
15#include <linux/netfilter/x_tables.h>
16#include <linux/netfilter_bridge/ebtables.h>
17#include <linux/netfilter_bridge/ebt_nat.h>
18 18
19static int ebt_target_snat(struct sk_buff *skb, unsigned int hooknr, 19static int ebt_target_snat(struct sk_buff *skb, unsigned int hooknr,
20 const struct net_device *in, const struct net_device *out, 20 const struct net_device *in, const struct net_device *out,
@@ -49,8 +49,6 @@ static int ebt_target_snat_check(const char *tablename, unsigned int hookmask,
49 const struct ebt_nat_info *info = data; 49 const struct ebt_nat_info *info = data;
50 int tmp; 50 int tmp;
51 51
52 if (datalen != EBT_ALIGN(sizeof(struct ebt_nat_info)))
53 return -EINVAL;
54 tmp = info->target | ~EBT_VERDICT_BITS; 52 tmp = info->target | ~EBT_VERDICT_BITS;
55 if (BASE_CHAIN && tmp == EBT_RETURN) 53 if (BASE_CHAIN && tmp == EBT_RETURN)
56 return -EINVAL; 54 return -EINVAL;
@@ -72,6 +70,7 @@ static struct ebt_target snat __read_mostly = {
72 .name = EBT_SNAT_TARGET, 70 .name = EBT_SNAT_TARGET,
73 .target = ebt_target_snat, 71 .target = ebt_target_snat,
74 .check = ebt_target_snat_check, 72 .check = ebt_target_snat_check,
73 .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
75 .me = THIS_MODULE, 74 .me = THIS_MODULE,
76}; 75};
77 76
diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c
index 40f36d37607d..c7a0a00dac7c 100644
--- a/net/bridge/netfilter/ebt_stp.c
+++ b/net/bridge/netfilter/ebt_stp.c
@@ -7,11 +7,11 @@
7 * 7 *
8 * July, 2003 8 * July, 2003
9 */ 9 */
10
11#include <linux/netfilter_bridge/ebtables.h>
12#include <linux/netfilter_bridge/ebt_stp.h>
13#include <linux/etherdevice.h> 10#include <linux/etherdevice.h>
14#include <linux/module.h> 11#include <linux/module.h>
12#include <linux/netfilter/x_tables.h>
13#include <linux/netfilter_bridge/ebtables.h>
14#include <linux/netfilter_bridge/ebt_stp.h>
15 15
16#define BPDU_TYPE_CONFIG 0 16#define BPDU_TYPE_CONFIG 0
17#define BPDU_TYPE_TCN 0x80 17#define BPDU_TYPE_TCN 0x80
@@ -157,15 +157,12 @@ static int ebt_stp_check(const char *tablename, unsigned int hookmask,
157 const struct ebt_entry *e, void *data, unsigned int datalen) 157 const struct ebt_entry *e, void *data, unsigned int datalen)
158{ 158{
159 const struct ebt_stp_info *info = data; 159 const struct ebt_stp_info *info = data;
160 const unsigned int len = EBT_ALIGN(sizeof(struct ebt_stp_info));
161 const uint8_t bridge_ula[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x00}; 160 const uint8_t bridge_ula[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x00};
162 const uint8_t msk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 161 const uint8_t msk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
163 162
164 if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK || 163 if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK ||
165 !(info->bitmask & EBT_STP_MASK)) 164 !(info->bitmask & EBT_STP_MASK))
166 return -EINVAL; 165 return -EINVAL;
167 if (datalen != len)
168 return -EINVAL;
169 /* Make sure the match only receives stp frames */ 166 /* Make sure the match only receives stp frames */
170 if (compare_ether_addr(e->destmac, bridge_ula) || 167 if (compare_ether_addr(e->destmac, bridge_ula) ||
171 compare_ether_addr(e->destmsk, msk) || !(e->bitmask & EBT_DESTMAC)) 168 compare_ether_addr(e->destmsk, msk) || !(e->bitmask & EBT_DESTMAC))
@@ -178,6 +175,7 @@ static struct ebt_match filter_stp __read_mostly = {
178 .name = EBT_STP_MATCH, 175 .name = EBT_STP_MATCH,
179 .match = ebt_filter_stp, 176 .match = ebt_filter_stp,
180 .check = ebt_stp_check, 177 .check = ebt_stp_check,
178 .matchsize = XT_ALIGN(sizeof(struct ebt_stp_info)),
181 .me = THIS_MODULE, 179 .me = THIS_MODULE,
182}; 180};
183 181
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
index 3b1678cd66f1..bdd8a27bba9c 100644
--- a/net/bridge/netfilter/ebt_ulog.c
+++ b/net/bridge/netfilter/ebt_ulog.c
@@ -36,6 +36,7 @@
36#include <linux/timer.h> 36#include <linux/timer.h>
37#include <linux/netlink.h> 37#include <linux/netlink.h>
38#include <linux/netdevice.h> 38#include <linux/netdevice.h>
39#include <linux/netfilter/x_tables.h>
39#include <linux/netfilter_bridge/ebtables.h> 40#include <linux/netfilter_bridge/ebtables.h>
40#include <linux/netfilter_bridge/ebt_ulog.h> 41#include <linux/netfilter_bridge/ebt_ulog.h>
41#include <net/netfilter/nf_log.h> 42#include <net/netfilter/nf_log.h>
@@ -260,8 +261,7 @@ static int ebt_ulog_check(const char *tablename, unsigned int hookmask,
260{ 261{
261 struct ebt_ulog_info *uloginfo = data; 262 struct ebt_ulog_info *uloginfo = data;
262 263
263 if (datalen != EBT_ALIGN(sizeof(struct ebt_ulog_info)) || 264 if (uloginfo->nlgroup > 31)
264 uloginfo->nlgroup > 31)
265 return -EINVAL; 265 return -EINVAL;
266 266
267 uloginfo->prefix[EBT_ULOG_PREFIX_LEN - 1] = '\0'; 267 uloginfo->prefix[EBT_ULOG_PREFIX_LEN - 1] = '\0';
@@ -276,6 +276,7 @@ static struct ebt_watcher ulog __read_mostly = {
276 .name = EBT_ULOG_WATCHER, 276 .name = EBT_ULOG_WATCHER,
277 .watcher = ebt_ulog, 277 .watcher = ebt_ulog,
278 .check = ebt_ulog_check, 278 .check = ebt_ulog_check,
279 .targetsize = XT_ALIGN(sizeof(struct ebt_ulog_info)),
279 .me = THIS_MODULE, 280 .me = THIS_MODULE,
280}; 281};
281 282
diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c
index ab60b0dade80..4dba47aefc8a 100644
--- a/net/bridge/netfilter/ebt_vlan.c
+++ b/net/bridge/netfilter/ebt_vlan.c
@@ -22,6 +22,7 @@
22#include <linux/if_vlan.h> 22#include <linux/if_vlan.h>
23#include <linux/module.h> 23#include <linux/module.h>
24#include <linux/moduleparam.h> 24#include <linux/moduleparam.h>
25#include <linux/netfilter/x_tables.h>
25#include <linux/netfilter_bridge/ebtables.h> 26#include <linux/netfilter_bridge/ebtables.h>
26#include <linux/netfilter_bridge/ebt_vlan.h> 27#include <linux/netfilter_bridge/ebt_vlan.h>
27 28
@@ -93,14 +94,6 @@ ebt_check_vlan(const char *tablename,
93{ 94{
94 struct ebt_vlan_info *info = data; 95 struct ebt_vlan_info *info = data;
95 96
96 /* Parameters buffer overflow check */
97 if (datalen != EBT_ALIGN(sizeof(struct ebt_vlan_info))) {
98 DEBUG_MSG
99 ("passed size %d is not eq to ebt_vlan_info (%Zd)\n",
100 datalen, sizeof(struct ebt_vlan_info));
101 return -EINVAL;
102 }
103
104 /* Is it 802.1Q frame checked? */ 97 /* Is it 802.1Q frame checked? */
105 if (e->ethproto != htons(ETH_P_8021Q)) { 98 if (e->ethproto != htons(ETH_P_8021Q)) {
106 DEBUG_MSG 99 DEBUG_MSG
@@ -173,6 +166,7 @@ static struct ebt_match filter_vlan __read_mostly = {
173 .name = EBT_VLAN_MATCH, 166 .name = EBT_VLAN_MATCH,
174 .match = ebt_filter_vlan, 167 .match = ebt_filter_vlan,
175 .check = ebt_check_vlan, 168 .check = ebt_check_vlan,
169 .matchsize = XT_ALIGN(sizeof(struct ebt_vlan_info)),
176 .me = THIS_MODULE, 170 .me = THIS_MODULE,
177}; 171};
178 172
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 32afff859e4a..b04e288d20f2 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -19,6 +19,7 @@
19#include <linux/kmod.h> 19#include <linux/kmod.h>
20#include <linux/module.h> 20#include <linux/module.h>
21#include <linux/vmalloc.h> 21#include <linux/vmalloc.h>
22#include <linux/netfilter/x_tables.h>
22#include <linux/netfilter_bridge/ebtables.h> 23#include <linux/netfilter_bridge/ebtables.h>
23#include <linux/spinlock.h> 24#include <linux/spinlock.h>
24#include <linux/mutex.h> 25#include <linux/mutex.h>
@@ -59,8 +60,9 @@ static LIST_HEAD(ebt_targets);
59static LIST_HEAD(ebt_matches); 60static LIST_HEAD(ebt_matches);
60static LIST_HEAD(ebt_watchers); 61static LIST_HEAD(ebt_watchers);
61 62
62static struct ebt_target ebt_standard_target = 63static struct ebt_target ebt_standard_target = {
63{ {NULL, NULL}, EBT_STANDARD_TARGET, NULL, NULL, NULL, NULL}; 64 .name = "standard",
65};
64 66
65static inline int ebt_do_watcher (struct ebt_entry_watcher *w, 67static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
66 const struct sk_buff *skb, unsigned int hooknr, const struct net_device *in, 68 const struct sk_buff *skb, unsigned int hooknr, const struct net_device *in,
@@ -350,6 +352,18 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
350 return -ENOENT; 352 return -ENOENT;
351 } 353 }
352 mutex_unlock(&ebt_mutex); 354 mutex_unlock(&ebt_mutex);
355 if (XT_ALIGN(match->matchsize) != m->match_size &&
356 match->matchsize != -1) {
357 /*
358 * ebt_among is exempt from centralized matchsize checking
359 * because it uses a dynamic-size data set.
360 */
361 printk(KERN_WARNING "ebtables: %s match: "
362 "invalid size %Zu != %u\n",
363 match->name, XT_ALIGN(match->matchsize), m->match_size);
364 module_put(match->me);
365 return -EINVAL;
366 }
353 if (match->check && 367 if (match->check &&
354 match->check(name, hookmask, e, m->data, m->match_size) != 0) { 368 match->check(name, hookmask, e, m->data, m->match_size) != 0) {
355 BUGPRINT("match->check failed\n"); 369 BUGPRINT("match->check failed\n");
@@ -380,6 +394,14 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
380 return -ENOENT; 394 return -ENOENT;
381 } 395 }
382 mutex_unlock(&ebt_mutex); 396 mutex_unlock(&ebt_mutex);
397 if (XT_ALIGN(watcher->targetsize) != w->watcher_size) {
398 printk(KERN_WARNING "ebtables: %s watcher: "
399 "invalid size %Zu != %u\n",
400 watcher->name, XT_ALIGN(watcher->targetsize),
401 w->watcher_size);
402 module_put(watcher->me);
403 return -EINVAL;
404 }
383 if (watcher->check && 405 if (watcher->check &&
384 watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) { 406 watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) {
385 BUGPRINT("watcher->check failed\n"); 407 BUGPRINT("watcher->check failed\n");
@@ -681,9 +703,20 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
681 ret = -EFAULT; 703 ret = -EFAULT;
682 goto cleanup_watchers; 704 goto cleanup_watchers;
683 } 705 }
684 } else if (t->target_size > gap - sizeof(struct ebt_entry_target) || 706 } else if (t->target_size > gap - sizeof(struct ebt_entry_target)) {
685 (t->u.target->check && 707 module_put(t->u.target->me);
686 t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0)){ 708 ret = -EFAULT;
709 goto cleanup_watchers;
710 } else if (XT_ALIGN(target->targetsize) != t->target_size) {
711 printk(KERN_WARNING "ebtables: %s target: "
712 "invalid size %Zu != %u\n",
713 target->name, XT_ALIGN(target->targetsize),
714 t->target_size);
715 module_put(t->u.target->me);
716 ret = -EINVAL;
717 goto cleanup_watchers;
718 } else if (t->u.target->check &&
719 t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0) {
687 module_put(t->u.target->me); 720 module_put(t->u.target->me);
688 ret = -EFAULT; 721 ret = -EFAULT;
689 goto cleanup_watchers; 722 goto cleanup_watchers;