diff options
| author | David S. Miller <davem@davemloft.net> | 2012-04-01 18:57:48 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2012-04-01 18:57:48 -0400 |
| commit | cc1eb43134c07435955263dfe5d2fc980fe8b808 (patch) | |
| tree | c91629a69fff56ab396bd97418c7d0dae9da1849 /net | |
| parent | 516ee48f0be93ea5b41eaa5f7c5e06246447e575 (diff) | |
nf_conntrack_netlink: Stop using NLA_PUT*().
These macros contain a hidden goto, and are thus extremely error
prone and make code hard to audit.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/nf_conntrack_netlink.c | 83 |
1 files changed, 49 insertions, 34 deletions
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index ca7e8354e4f8..462ec2dbe561 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c | |||
| @@ -66,7 +66,8 @@ ctnetlink_dump_tuples_proto(struct sk_buff *skb, | |||
| 66 | nest_parms = nla_nest_start(skb, CTA_TUPLE_PROTO | NLA_F_NESTED); | 66 | nest_parms = nla_nest_start(skb, CTA_TUPLE_PROTO | NLA_F_NESTED); |
| 67 | if (!nest_parms) | 67 | if (!nest_parms) |
| 68 | goto nla_put_failure; | 68 | goto nla_put_failure; |
| 69 | NLA_PUT_U8(skb, CTA_PROTO_NUM, tuple->dst.protonum); | 69 | if (nla_put_u8(skb, CTA_PROTO_NUM, tuple->dst.protonum)) |
| 70 | goto nla_put_failure; | ||
| 70 | 71 | ||
| 71 | if (likely(l4proto->tuple_to_nlattr)) | 72 | if (likely(l4proto->tuple_to_nlattr)) |
| 72 | ret = l4proto->tuple_to_nlattr(skb, tuple); | 73 | ret = l4proto->tuple_to_nlattr(skb, tuple); |
| @@ -126,7 +127,8 @@ ctnetlink_dump_tuples(struct sk_buff *skb, | |||
| 126 | static inline int | 127 | static inline int |
| 127 | ctnetlink_dump_status(struct sk_buff *skb, const struct nf_conn *ct) | 128 | ctnetlink_dump_status(struct sk_buff *skb, const struct nf_conn *ct) |
| 128 | { | 129 | { |
| 129 | NLA_PUT_BE32(skb, CTA_STATUS, htonl(ct->status)); | 130 | if (nla_put_be32(skb, CTA_STATUS, htonl(ct->status))) |
| 131 | goto nla_put_failure; | ||
| 130 | return 0; | 132 | return 0; |
| 131 | 133 | ||
| 132 | nla_put_failure: | 134 | nla_put_failure: |
| @@ -141,7 +143,8 @@ ctnetlink_dump_timeout(struct sk_buff *skb, const struct nf_conn *ct) | |||
| 141 | if (timeout < 0) | 143 | if (timeout < 0) |
| 142 | timeout = 0; | 144 | timeout = 0; |
| 143 | 145 | ||
| 144 | NLA_PUT_BE32(skb, CTA_TIMEOUT, htonl(timeout)); | 146 | if (nla_put_be32(skb, CTA_TIMEOUT, htonl(timeout))) |
| 147 | goto nla_put_failure; | ||
| 145 | return 0; | 148 | return 0; |
| 146 | 149 | ||
| 147 | nla_put_failure: | 150 | nla_put_failure: |
| @@ -190,7 +193,8 @@ ctnetlink_dump_helpinfo(struct sk_buff *skb, const struct nf_conn *ct) | |||
| 190 | nest_helper = nla_nest_start(skb, CTA_HELP | NLA_F_NESTED); | 193 | nest_helper = nla_nest_start(skb, CTA_HELP | NLA_F_NESTED); |
| 191 | if (!nest_helper) | 194 | if (!nest_helper) |
| 192 | goto nla_put_failure; | 195 | goto nla_put_failure; |
| 193 | NLA_PUT_STRING(skb, CTA_HELP_NAME, helper->name); | 196 | if (nla_put_string(skb, CTA_HELP_NAME, helper->name)) |
| 197 | goto nla_put_failure; | ||
| 194 | 198 | ||
| 195 | if (helper->to_nlattr) | 199 | if (helper->to_nlattr) |
| 196 | helper->to_nlattr(skb, ct); | 200 | helper->to_nlattr(skb, ct); |
| @@ -214,8 +218,9 @@ dump_counters(struct sk_buff *skb, u64 pkts, u64 bytes, | |||
| 214 | if (!nest_count) | 218 | if (!nest_count) |
| 215 | goto nla_put_failure; | 219 | goto nla_put_failure; |
| 216 | 220 | ||
| 217 | NLA_PUT_BE64(skb, CTA_COUNTERS_PACKETS, cpu_to_be64(pkts)); | 221 | if (nla_put_be64(skb, CTA_COUNTERS_PACKETS, cpu_to_be64(pkts)) || |
| 218 | NLA_PUT_BE64(skb, CTA_COUNTERS_BYTES, cpu_to_be64(bytes)); | 222 | nla_put_be64(skb, CTA_COUNTERS_BYTES, cpu_to_be64(bytes))) |
| 223 | goto nla_put_failure; | ||
| 219 | 224 | ||
| 220 | nla_nest_end(skb, nest_count); | 225 | nla_nest_end(skb, nest_count); |
| 221 | 226 | ||
| @@ -260,11 +265,10 @@ ctnetlink_dump_timestamp(struct sk_buff *skb, const struct nf_conn *ct) | |||
| 260 | if (!nest_count) | 265 | if (!nest_count) |
| 261 | goto nla_put_failure; | 266 | goto nla_put_failure; |
| 262 | 267 | ||
| 263 | NLA_PUT_BE64(skb, CTA_TIMESTAMP_START, cpu_to_be64(tstamp->start)); | 268 | if (nla_put_be64(skb, CTA_TIMESTAMP_START, cpu_to_be64(tstamp->start)) || |
| 264 | if (tstamp->stop != 0) { | 269 | (tstamp->stop != 0 && nla_put_be64(skb, CTA_TIMESTAMP_STOP, |
| 265 | NLA_PUT_BE64(skb, CTA_TIMESTAMP_STOP, | 270 | cpu_to_be64(tstamp->stop)))) |
| 266 | cpu_to_be64(tstamp->stop)); | 271 | goto nla_put_failure; |
| 267 | } | ||
| 268 | nla_nest_end(skb, nest_count); | 272 | nla_nest_end(skb, nest_count); |
| 269 | 273 | ||
| 270 | return 0; | 274 | return 0; |
| @@ -277,7 +281,8 @@ nla_put_failure: | |||
| 277 | static inline int | 281 | static inline int |
| 278 | ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct) | 282 | ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct) |
| 279 | { | 283 | { |
| 280 | NLA_PUT_BE32(skb, CTA_MARK, htonl(ct->mark)); | 284 | if (nla_put_be32(skb, CTA_MARK, htonl(ct->mark))) |
| 285 | goto nla_put_failure; | ||
| 281 | return 0; | 286 | return 0; |
| 282 | 287 | ||
| 283 | nla_put_failure: | 288 | nla_put_failure: |
| @@ -304,7 +309,8 @@ ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) | |||
| 304 | if (!nest_secctx) | 309 | if (!nest_secctx) |
| 305 | goto nla_put_failure; | 310 | goto nla_put_failure; |
| 306 | 311 | ||
| 307 | NLA_PUT_STRING(skb, CTA_SECCTX_NAME, secctx); | 312 | if (nla_put_string(skb, CTA_SECCTX_NAME, secctx)) |
| 313 | goto nla_put_failure; | ||
| 308 | nla_nest_end(skb, nest_secctx); | 314 | nla_nest_end(skb, nest_secctx); |
| 309 | 315 | ||
| 310 | ret = 0; | 316 | ret = 0; |
| @@ -349,12 +355,13 @@ dump_nat_seq_adj(struct sk_buff *skb, const struct nf_nat_seq *natseq, int type) | |||
| 349 | if (!nest_parms) | 355 | if (!nest_parms) |
| 350 | goto nla_put_failure; | 356 | goto nla_put_failure; |
| 351 | 357 | ||
| 352 | NLA_PUT_BE32(skb, CTA_NAT_SEQ_CORRECTION_POS, | 358 | if (nla_put_be32(skb, CTA_NAT_SEQ_CORRECTION_POS, |
| 353 | htonl(natseq->correction_pos)); | 359 | htonl(natseq->correction_pos)) || |
| 354 | NLA_PUT_BE32(skb, CTA_NAT_SEQ_OFFSET_BEFORE, | 360 | nla_put_be32(skb, CTA_NAT_SEQ_OFFSET_BEFORE, |
| 355 | htonl(natseq->offset_before)); | 361 | htonl(natseq->offset_before)) || |
| 356 | NLA_PUT_BE32(skb, CTA_NAT_SEQ_OFFSET_AFTER, | 362 | nla_put_be32(skb, CTA_NAT_SEQ_OFFSET_AFTER, |
| 357 | htonl(natseq->offset_after)); | 363 | htonl(natseq->offset_after))) |
| 364 | goto nla_put_failure; | ||
| 358 | 365 | ||
| 359 | nla_nest_end(skb, nest_parms); | 366 | nla_nest_end(skb, nest_parms); |
| 360 | 367 | ||
| @@ -390,7 +397,8 @@ ctnetlink_dump_nat_seq_adj(struct sk_buff *skb, const struct nf_conn *ct) | |||
| 390 | static inline int | 397 | static inline int |
| 391 | ctnetlink_dump_id(struct sk_buff *skb, const struct nf_conn *ct) | 398 | ctnetlink_dump_id(struct sk_buff *skb, const struct nf_conn *ct) |
| 392 | { | 399 | { |
| 393 | NLA_PUT_BE32(skb, CTA_ID, htonl((unsigned long)ct)); | 400 | if (nla_put_be32(skb, CTA_ID, htonl((unsigned long)ct))) |
| 401 | goto nla_put_failure; | ||
| 394 | return 0; | 402 | return 0; |
| 395 | 403 | ||
| 396 | nla_put_failure: | 404 | nla_put_failure: |
| @@ -400,7 +408,8 @@ nla_put_failure: | |||
| 400 | static inline int | 408 | static inline int |
| 401 | ctnetlink_dump_use(struct sk_buff *skb, const struct nf_conn *ct) | 409 | ctnetlink_dump_use(struct sk_buff *skb, const struct nf_conn *ct) |
| 402 | { | 410 | { |
| 403 | NLA_PUT_BE32(skb, CTA_USE, htonl(atomic_read(&ct->ct_general.use))); | 411 | if (nla_put_be32(skb, CTA_USE, htonl(atomic_read(&ct->ct_general.use)))) |
| 412 | goto nla_put_failure; | ||
| 404 | return 0; | 413 | return 0; |
| 405 | 414 | ||
| 406 | nla_put_failure: | 415 | nla_put_failure: |
| @@ -440,8 +449,9 @@ ctnetlink_fill_info(struct sk_buff *skb, u32 pid, u32 seq, u32 type, | |||
| 440 | goto nla_put_failure; | 449 | goto nla_put_failure; |
| 441 | nla_nest_end(skb, nest_parms); | 450 | nla_nest_end(skb, nest_parms); |
| 442 | 451 | ||
| 443 | if (nf_ct_zone(ct)) | 452 | if (nf_ct_zone(ct) && |
| 444 | NLA_PUT_BE16(skb, CTA_ZONE, htons(nf_ct_zone(ct))); | 453 | nla_put_be16(skb, CTA_ZONE, htons(nf_ct_zone(ct)))) |
| 454 | goto nla_put_failure; | ||
| 445 | 455 | ||
| 446 | if (ctnetlink_dump_status(skb, ct) < 0 || | 456 | if (ctnetlink_dump_status(skb, ct) < 0 || |
| 447 | ctnetlink_dump_timeout(skb, ct) < 0 || | 457 | ctnetlink_dump_timeout(skb, ct) < 0 || |
| @@ -617,8 +627,9 @@ ctnetlink_conntrack_event(unsigned int events, struct nf_ct_event *item) | |||
| 617 | goto nla_put_failure; | 627 | goto nla_put_failure; |
| 618 | nla_nest_end(skb, nest_parms); | 628 | nla_nest_end(skb, nest_parms); |
| 619 | 629 | ||
| 620 | if (nf_ct_zone(ct)) | 630 | if (nf_ct_zone(ct) && |
| 621 | NLA_PUT_BE16(skb, CTA_ZONE, htons(nf_ct_zone(ct))); | 631 | nla_put_be16(skb, CTA_ZONE, htons(nf_ct_zone(ct)))) |
| 632 | goto nla_put_failure; | ||
| 622 | 633 | ||
| 623 | if (ctnetlink_dump_id(skb, ct) < 0) | 634 | if (ctnetlink_dump_id(skb, ct) < 0) |
| 624 | goto nla_put_failure; | 635 | goto nla_put_failure; |
| @@ -1705,7 +1716,8 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb, | |||
| 1705 | if (!nest_parms) | 1716 | if (!nest_parms) |
| 1706 | goto nla_put_failure; | 1717 | goto nla_put_failure; |
| 1707 | 1718 | ||
| 1708 | NLA_PUT_BE32(skb, CTA_EXPECT_NAT_DIR, htonl(exp->dir)); | 1719 | if (nla_put_be32(skb, CTA_EXPECT_NAT_DIR, htonl(exp->dir))) |
| 1720 | goto nla_put_failure; | ||
| 1709 | 1721 | ||
| 1710 | nat_tuple.src.l3num = nf_ct_l3num(master); | 1722 | nat_tuple.src.l3num = nf_ct_l3num(master); |
| 1711 | nat_tuple.src.u3.ip = exp->saved_ip; | 1723 | nat_tuple.src.u3.ip = exp->saved_ip; |
| @@ -1718,21 +1730,24 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb, | |||
| 1718 | nla_nest_end(skb, nest_parms); | 1730 | nla_nest_end(skb, nest_parms); |
| 1719 | } | 1731 | } |
| 1720 | #endif | 1732 | #endif |
| 1721 | NLA_PUT_BE32(skb, CTA_EXPECT_TIMEOUT, htonl(timeout)); | 1733 | if (nla_put_be32(skb, CTA_EXPECT_TIMEOUT, htonl(timeout)) || |
| 1722 | NLA_PUT_BE32(skb, CTA_EXPECT_ID, htonl((unsigned long)exp)); | 1734 | nla_put_be32(skb, CTA_EXPECT_ID, htonl((unsigned long)exp)) || |
| 1723 | NLA_PUT_BE32(skb, CTA_EXPECT_FLAGS, htonl(exp->flags)); | 1735 | nla_put_be32(skb, CTA_EXPECT_FLAGS, htonl(exp->flags)) || |
| 1724 | NLA_PUT_BE32(skb, CTA_EXPECT_CLASS, htonl(exp->class)); | 1736 | nla_put_be32(skb, CTA_EXPECT_CLASS, htonl(exp->class))) |
| 1737 | goto nla_put_failure; | ||
| 1725 | help = nfct_help(master); | 1738 | help = nfct_help(master); |
| 1726 | if (help) { | 1739 | if (help) { |
| 1727 | struct nf_conntrack_helper *helper; | 1740 | struct nf_conntrack_helper *helper; |
| 1728 | 1741 | ||
| 1729 | helper = rcu_dereference(help->helper); | 1742 | helper = rcu_dereference(help->helper); |
| 1730 | if (helper) | 1743 | if (helper && |
| 1731 | NLA_PUT_STRING(skb, CTA_EXPECT_HELP_NAME, helper->name); | 1744 | nla_put_string(skb, CTA_EXPECT_HELP_NAME, helper->name)) |
| 1745 | goto nla_put_failure; | ||
| 1732 | } | 1746 | } |
| 1733 | expfn = nf_ct_helper_expectfn_find_by_symbol(exp->expectfn); | 1747 | expfn = nf_ct_helper_expectfn_find_by_symbol(exp->expectfn); |
| 1734 | if (expfn != NULL) | 1748 | if (expfn != NULL && |
| 1735 | NLA_PUT_STRING(skb, CTA_EXPECT_FN, expfn->name); | 1749 | nla_put_string(skb, CTA_EXPECT_FN, expfn->name)) |
| 1750 | goto nla_put_failure; | ||
| 1736 | 1751 | ||
| 1737 | return 0; | 1752 | return 0; |
| 1738 | 1753 | ||