diff options
| author | David S. Miller <davem@davemloft.net> | 2012-04-01 20:28:52 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2012-04-02 04:33:43 -0400 |
| commit | e549a6b3a5acff66f0427091e44f814943a26a86 (patch) | |
| tree | 909c86eb9b7bc40efc0743927f92c77bb4b644fb /net | |
| parent | c78679e8f31b86c7a46e77a3096011f911854187 (diff) | |
netfilter: ipv6: Stop using NLA_PUT*().
These macros contain a hidden goto, and are thus extremely error
prone and make code hard to audit.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 9 | ||||
| -rw-r--r-- | net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 12 |
2 files changed, 11 insertions, 10 deletions
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c index 4111050a9fc5..fe925e492520 100644 --- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c +++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | |||
| @@ -278,10 +278,11 @@ static struct nf_hook_ops ipv6_conntrack_ops[] __read_mostly = { | |||
| 278 | static int ipv6_tuple_to_nlattr(struct sk_buff *skb, | 278 | static int ipv6_tuple_to_nlattr(struct sk_buff *skb, |
| 279 | const struct nf_conntrack_tuple *tuple) | 279 | const struct nf_conntrack_tuple *tuple) |
| 280 | { | 280 | { |
| 281 | NLA_PUT(skb, CTA_IP_V6_SRC, sizeof(u_int32_t) * 4, | 281 | if (nla_put(skb, CTA_IP_V6_SRC, sizeof(u_int32_t) * 4, |
| 282 | &tuple->src.u3.ip6); | 282 | &tuple->src.u3.ip6) || |
| 283 | NLA_PUT(skb, CTA_IP_V6_DST, sizeof(u_int32_t) * 4, | 283 | nla_put(skb, CTA_IP_V6_DST, sizeof(u_int32_t) * 4, |
| 284 | &tuple->dst.u3.ip6); | 284 | &tuple->dst.u3.ip6)) |
| 285 | goto nla_put_failure; | ||
| 285 | return 0; | 286 | return 0; |
| 286 | 287 | ||
| 287 | nla_put_failure: | 288 | nla_put_failure: |
diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c index 92cc9f2931ae..3e81904fbbcd 100644 --- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c +++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | |||
| @@ -234,10 +234,10 @@ icmpv6_error(struct net *net, struct nf_conn *tmpl, | |||
| 234 | static int icmpv6_tuple_to_nlattr(struct sk_buff *skb, | 234 | static int icmpv6_tuple_to_nlattr(struct sk_buff *skb, |
| 235 | const struct nf_conntrack_tuple *t) | 235 | const struct nf_conntrack_tuple *t) |
| 236 | { | 236 | { |
| 237 | NLA_PUT_BE16(skb, CTA_PROTO_ICMPV6_ID, t->src.u.icmp.id); | 237 | if (nla_put_be16(skb, CTA_PROTO_ICMPV6_ID, t->src.u.icmp.id) || |
| 238 | NLA_PUT_U8(skb, CTA_PROTO_ICMPV6_TYPE, t->dst.u.icmp.type); | 238 | nla_put_u8(skb, CTA_PROTO_ICMPV6_TYPE, t->dst.u.icmp.type) || |
| 239 | NLA_PUT_U8(skb, CTA_PROTO_ICMPV6_CODE, t->dst.u.icmp.code); | 239 | nla_put_u8(skb, CTA_PROTO_ICMPV6_CODE, t->dst.u.icmp.code)) |
| 240 | 240 | goto nla_put_failure; | |
| 241 | return 0; | 241 | return 0; |
| 242 | 242 | ||
| 243 | nla_put_failure: | 243 | nla_put_failure: |
| @@ -300,8 +300,8 @@ icmpv6_timeout_obj_to_nlattr(struct sk_buff *skb, const void *data) | |||
| 300 | { | 300 | { |
| 301 | const unsigned int *timeout = data; | 301 | const unsigned int *timeout = data; |
| 302 | 302 | ||
| 303 | NLA_PUT_BE32(skb, CTA_TIMEOUT_ICMPV6_TIMEOUT, htonl(*timeout / HZ)); | 303 | if (nla_put_be32(skb, CTA_TIMEOUT_ICMPV6_TIMEOUT, htonl(*timeout / HZ))) |
| 304 | 304 | goto nla_put_failure; | |
| 305 | return 0; | 305 | return 0; |
| 306 | 306 | ||
| 307 | nla_put_failure: | 307 | nla_put_failure: |