diff options
-rw-r--r-- | net/bridge/netfilter/ebtables.c | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 2eba40f54233..7ce190c21dd7 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c | |||
@@ -401,6 +401,12 @@ static int ebt_verify_pointers(struct ebt_replace *repl, | |||
401 | unsigned int offset = 0; | 401 | unsigned int offset = 0; |
402 | int i; | 402 | int i; |
403 | 403 | ||
404 | for (i = 0; i < NF_BR_NUMHOOKS; i++) | ||
405 | newinfo->hook_entry[i] = NULL; | ||
406 | |||
407 | newinfo->entries_size = repl->entries_size; | ||
408 | newinfo->nentries = repl->nentries; | ||
409 | |||
404 | while (offset < limit) { | 410 | while (offset < limit) { |
405 | size_t left = limit - offset; | 411 | size_t left = limit - offset; |
406 | struct ebt_entry *e = (void *)newinfo->entries + offset; | 412 | struct ebt_entry *e = (void *)newinfo->entries + offset; |
@@ -440,6 +446,15 @@ static int ebt_verify_pointers(struct ebt_replace *repl, | |||
440 | BUGPRINT("entries_size too small\n"); | 446 | BUGPRINT("entries_size too small\n"); |
441 | return -EINVAL; | 447 | return -EINVAL; |
442 | } | 448 | } |
449 | |||
450 | /* check if all valid hooks have a chain */ | ||
451 | for (i = 0; i < NF_BR_NUMHOOKS; i++) { | ||
452 | if (!newinfo->hook_entry[i] && | ||
453 | (valid_hooks & (1 << i))) { | ||
454 | BUGPRINT("Valid hook without chain\n"); | ||
455 | return -EINVAL; | ||
456 | } | ||
457 | } | ||
443 | return 0; | 458 | return 0; |
444 | } | 459 | } |
445 | 460 | ||
@@ -772,6 +787,10 @@ static int translate_table(struct ebt_replace *repl, | |||
772 | int ret; | 787 | int ret; |
773 | struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */ | 788 | struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */ |
774 | 789 | ||
790 | ret = ebt_verify_pointers(repl, newinfo); | ||
791 | if (ret != 0) | ||
792 | return ret; | ||
793 | |||
775 | i = 0; | 794 | i = 0; |
776 | while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i))) | 795 | while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i))) |
777 | i++; | 796 | i++; |
@@ -795,16 +814,6 @@ static int translate_table(struct ebt_replace *repl, | |||
795 | i = j; | 814 | i = j; |
796 | } | 815 | } |
797 | 816 | ||
798 | for (i = 0; i < NF_BR_NUMHOOKS; i++) | ||
799 | newinfo->hook_entry[i] = NULL; | ||
800 | |||
801 | newinfo->entries_size = repl->entries_size; | ||
802 | newinfo->nentries = repl->nentries; | ||
803 | |||
804 | ret = ebt_verify_pointers(repl, newinfo); | ||
805 | if (ret != 0) | ||
806 | return ret; | ||
807 | |||
808 | /* do some early checkings and initialize some things */ | 817 | /* do some early checkings and initialize some things */ |
809 | i = 0; /* holds the expected nr. of entries for the chain */ | 818 | i = 0; /* holds the expected nr. of entries for the chain */ |
810 | j = 0; /* holds the up to now counted entries for the chain */ | 819 | j = 0; /* holds the up to now counted entries for the chain */ |
@@ -829,15 +838,6 @@ static int translate_table(struct ebt_replace *repl, | |||
829 | return -EINVAL; | 838 | return -EINVAL; |
830 | } | 839 | } |
831 | 840 | ||
832 | /* check if all valid hooks have a chain */ | ||
833 | for (i = 0; i < NF_BR_NUMHOOKS; i++) { | ||
834 | if (newinfo->hook_entry[i] == NULL && | ||
835 | (repl->valid_hooks & (1 << i))) { | ||
836 | BUGPRINT("Valid hook without chain\n"); | ||
837 | return -EINVAL; | ||
838 | } | ||
839 | } | ||
840 | |||
841 | /* get the location of the udc, put them in an array | 841 | /* get the location of the udc, put them in an array |
842 | while we're at it, allocate the chainstack */ | 842 | while we're at it, allocate the chainstack */ |
843 | if (udc_cnt) { | 843 | if (udc_cnt) { |