aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--net/ipv4/netfilter/arp_tables.c23
-rw-r--r--net/ipv4/netfilter/ip_tables.c25
-rw-r--r--net/ipv6/netfilter/ip6_tables.c25
3 files changed, 44 insertions, 29 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 57098dcda294..f07d77f65751 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -644,8 +644,10 @@ static int translate_table(struct xt_table_info *newinfo, void *entry0,
644 /* Walk through entries, checking offsets. */ 644 /* Walk through entries, checking offsets. */
645 xt_entry_foreach(iter, entry0, newinfo->size) { 645 xt_entry_foreach(iter, entry0, newinfo->size) {
646 ret = check_entry_size_and_hooks(iter, newinfo, entry0, 646 ret = check_entry_size_and_hooks(iter, newinfo, entry0,
647 entry0 + repl->size, repl->hook_entry, repl->underflow, 647 entry0 + repl->size,
648 repl->valid_hooks); 648 repl->hook_entry,
649 repl->underflow,
650 repl->valid_hooks);
649 if (ret != 0) 651 if (ret != 0)
650 break; 652 break;
651 ++i; 653 ++i;
@@ -730,7 +732,7 @@ static void get_counters(const struct xt_table_info *t,
730 i = 0; 732 i = 0;
731 xt_entry_foreach(iter, t->entries[curcpu], t->size) { 733 xt_entry_foreach(iter, t->entries[curcpu], t->size) {
732 SET_COUNTER(counters[i], iter->counters.bcnt, 734 SET_COUNTER(counters[i], iter->counters.bcnt,
733 iter->counters.pcnt); 735 iter->counters.pcnt);
734 ++i; 736 ++i;
735 } 737 }
736 738
@@ -741,7 +743,7 @@ static void get_counters(const struct xt_table_info *t,
741 xt_info_wrlock(cpu); 743 xt_info_wrlock(cpu);
742 xt_entry_foreach(iter, t->entries[cpu], t->size) { 744 xt_entry_foreach(iter, t->entries[cpu], t->size) {
743 ADD_COUNTER(counters[i], iter->counters.bcnt, 745 ADD_COUNTER(counters[i], iter->counters.bcnt,
744 iter->counters.pcnt); 746 iter->counters.pcnt);
745 ++i; 747 ++i;
746 } 748 }
747 xt_info_wrunlock(cpu); 749 xt_info_wrunlock(cpu);
@@ -1356,8 +1358,11 @@ static int translate_compat_table(const char *name,
1356 /* Walk through entries, checking offsets. */ 1358 /* Walk through entries, checking offsets. */
1357 xt_entry_foreach(iter0, entry0, total_size) { 1359 xt_entry_foreach(iter0, entry0, total_size) {
1358 ret = check_compat_entry_size_and_hooks(iter0, info, &size, 1360 ret = check_compat_entry_size_and_hooks(iter0, info, &size,
1359 entry0, entry0 + total_size, hook_entries, underflows, 1361 entry0,
1360 name); 1362 entry0 + total_size,
1363 hook_entries,
1364 underflows,
1365 name);
1361 if (ret != 0) 1366 if (ret != 0)
1362 goto out_unlock; 1367 goto out_unlock;
1363 ++j; 1368 ++j;
@@ -1401,8 +1406,8 @@ static int translate_compat_table(const char *name,
1401 pos = entry1; 1406 pos = entry1;
1402 size = total_size; 1407 size = total_size;
1403 xt_entry_foreach(iter0, entry0, total_size) { 1408 xt_entry_foreach(iter0, entry0, total_size) {
1404 ret = compat_copy_entry_from_user(iter0, &pos, 1409 ret = compat_copy_entry_from_user(iter0, &pos, &size,
1405 &size, name, newinfo, entry1); 1410 name, newinfo, entry1);
1406 if (ret != 0) 1411 if (ret != 0)
1407 break; 1412 break;
1408 } 1413 }
@@ -1617,7 +1622,7 @@ static int compat_copy_entries_to_user(unsigned int total_size,
1617 size = total_size; 1622 size = total_size;
1618 xt_entry_foreach(iter, loc_cpu_entry, total_size) { 1623 xt_entry_foreach(iter, loc_cpu_entry, total_size) {
1619 ret = compat_copy_entry_to_user(iter, &pos, 1624 ret = compat_copy_entry_to_user(iter, &pos,
1620 &size, counters, i++); 1625 &size, counters, i++);
1621 if (ret != 0) 1626 if (ret != 0)
1622 break; 1627 break;
1623 } 1628 }
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index c92f4e541cf6..b29c66df8d1f 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -836,8 +836,10 @@ translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0,
836 /* Walk through entries, checking offsets. */ 836 /* Walk through entries, checking offsets. */
837 xt_entry_foreach(iter, entry0, newinfo->size) { 837 xt_entry_foreach(iter, entry0, newinfo->size) {
838 ret = check_entry_size_and_hooks(iter, newinfo, entry0, 838 ret = check_entry_size_and_hooks(iter, newinfo, entry0,
839 entry0 + repl->size, repl->hook_entry, repl->underflow, 839 entry0 + repl->size,
840 repl->valid_hooks); 840 repl->hook_entry,
841 repl->underflow,
842 repl->valid_hooks);
841 if (ret != 0) 843 if (ret != 0)
842 return ret; 844 return ret;
843 ++i; 845 ++i;
@@ -918,7 +920,7 @@ get_counters(const struct xt_table_info *t,
918 i = 0; 920 i = 0;
919 xt_entry_foreach(iter, t->entries[curcpu], t->size) { 921 xt_entry_foreach(iter, t->entries[curcpu], t->size) {
920 SET_COUNTER(counters[i], iter->counters.bcnt, 922 SET_COUNTER(counters[i], iter->counters.bcnt,
921 iter->counters.pcnt); 923 iter->counters.pcnt);
922 ++i; 924 ++i;
923 } 925 }
924 926
@@ -929,7 +931,7 @@ get_counters(const struct xt_table_info *t,
929 xt_info_wrlock(cpu); 931 xt_info_wrlock(cpu);
930 xt_entry_foreach(iter, t->entries[cpu], t->size) { 932 xt_entry_foreach(iter, t->entries[cpu], t->size) {
931 ADD_COUNTER(counters[i], iter->counters.bcnt, 933 ADD_COUNTER(counters[i], iter->counters.bcnt,
932 iter->counters.pcnt); 934 iter->counters.pcnt);
933 ++i; /* macro does multi eval of i */ 935 ++i; /* macro does multi eval of i */
934 } 936 }
935 xt_info_wrunlock(cpu); 937 xt_info_wrunlock(cpu);
@@ -1540,7 +1542,7 @@ check_compat_entry_size_and_hooks(struct compat_ipt_entry *e,
1540 j = 0; 1542 j = 0;
1541 xt_ematch_foreach(ematch, e) { 1543 xt_ematch_foreach(ematch, e) {
1542 ret = compat_find_calc_match(ematch, name, 1544 ret = compat_find_calc_match(ematch, name,
1543 &e->ip, e->comefrom, &off); 1545 &e->ip, e->comefrom, &off);
1544 if (ret != 0) 1546 if (ret != 0)
1545 goto release_matches; 1547 goto release_matches;
1546 ++j; 1548 ++j;
@@ -1701,8 +1703,11 @@ translate_compat_table(struct net *net,
1701 /* Walk through entries, checking offsets. */ 1703 /* Walk through entries, checking offsets. */
1702 xt_entry_foreach(iter0, entry0, total_size) { 1704 xt_entry_foreach(iter0, entry0, total_size) {
1703 ret = check_compat_entry_size_and_hooks(iter0, info, &size, 1705 ret = check_compat_entry_size_and_hooks(iter0, info, &size,
1704 entry0, entry0 + total_size, hook_entries, underflows, 1706 entry0,
1705 name); 1707 entry0 + total_size,
1708 hook_entries,
1709 underflows,
1710 name);
1706 if (ret != 0) 1711 if (ret != 0)
1707 goto out_unlock; 1712 goto out_unlock;
1708 ++j; 1713 ++j;
@@ -1746,8 +1751,8 @@ translate_compat_table(struct net *net,
1746 pos = entry1; 1751 pos = entry1;
1747 size = total_size; 1752 size = total_size;
1748 xt_entry_foreach(iter0, entry0, total_size) { 1753 xt_entry_foreach(iter0, entry0, total_size) {
1749 ret = compat_copy_entry_from_user(iter0, &pos, 1754 ret = compat_copy_entry_from_user(iter0, &pos, &size,
1750 &size, name, newinfo, entry1); 1755 name, newinfo, entry1);
1751 if (ret != 0) 1756 if (ret != 0)
1752 break; 1757 break;
1753 } 1758 }
@@ -1927,7 +1932,7 @@ compat_copy_entries_to_user(unsigned int total_size, struct xt_table *table,
1927 size = total_size; 1932 size = total_size;
1928 xt_entry_foreach(iter, loc_cpu_entry, total_size) { 1933 xt_entry_foreach(iter, loc_cpu_entry, total_size) {
1929 ret = compat_copy_entry_to_user(iter, &pos, 1934 ret = compat_copy_entry_to_user(iter, &pos,
1930 &size, counters, i++); 1935 &size, counters, i++);
1931 if (ret != 0) 1936 if (ret != 0)
1932 break; 1937 break;
1933 } 1938 }
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index f7042869198e..9210e312edf1 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -866,8 +866,10 @@ translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0,
866 /* Walk through entries, checking offsets. */ 866 /* Walk through entries, checking offsets. */
867 xt_entry_foreach(iter, entry0, newinfo->size) { 867 xt_entry_foreach(iter, entry0, newinfo->size) {
868 ret = check_entry_size_and_hooks(iter, newinfo, entry0, 868 ret = check_entry_size_and_hooks(iter, newinfo, entry0,
869 entry0 + repl->size, repl->hook_entry, repl->underflow, 869 entry0 + repl->size,
870 repl->valid_hooks); 870 repl->hook_entry,
871 repl->underflow,
872 repl->valid_hooks);
871 if (ret != 0) 873 if (ret != 0)
872 return ret; 874 return ret;
873 ++i; 875 ++i;
@@ -948,7 +950,7 @@ get_counters(const struct xt_table_info *t,
948 i = 0; 950 i = 0;
949 xt_entry_foreach(iter, t->entries[curcpu], t->size) { 951 xt_entry_foreach(iter, t->entries[curcpu], t->size) {
950 SET_COUNTER(counters[i], iter->counters.bcnt, 952 SET_COUNTER(counters[i], iter->counters.bcnt,
951 iter->counters.pcnt); 953 iter->counters.pcnt);
952 ++i; 954 ++i;
953 } 955 }
954 956
@@ -959,7 +961,7 @@ get_counters(const struct xt_table_info *t,
959 xt_info_wrlock(cpu); 961 xt_info_wrlock(cpu);
960 xt_entry_foreach(iter, t->entries[cpu], t->size) { 962 xt_entry_foreach(iter, t->entries[cpu], t->size) {
961 ADD_COUNTER(counters[i], iter->counters.bcnt, 963 ADD_COUNTER(counters[i], iter->counters.bcnt,
962 iter->counters.pcnt); 964 iter->counters.pcnt);
963 ++i; 965 ++i;
964 } 966 }
965 xt_info_wrunlock(cpu); 967 xt_info_wrunlock(cpu);
@@ -1573,7 +1575,7 @@ check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e,
1573 j = 0; 1575 j = 0;
1574 xt_ematch_foreach(ematch, e) { 1576 xt_ematch_foreach(ematch, e) {
1575 ret = compat_find_calc_match(ematch, name, 1577 ret = compat_find_calc_match(ematch, name,
1576 &e->ipv6, e->comefrom, &off); 1578 &e->ipv6, e->comefrom, &off);
1577 if (ret != 0) 1579 if (ret != 0)
1578 goto release_matches; 1580 goto release_matches;
1579 ++j; 1581 ++j;
@@ -1734,8 +1736,11 @@ translate_compat_table(struct net *net,
1734 /* Walk through entries, checking offsets. */ 1736 /* Walk through entries, checking offsets. */
1735 xt_entry_foreach(iter0, entry0, total_size) { 1737 xt_entry_foreach(iter0, entry0, total_size) {
1736 ret = check_compat_entry_size_and_hooks(iter0, info, &size, 1738 ret = check_compat_entry_size_and_hooks(iter0, info, &size,
1737 entry0, entry0 + total_size, hook_entries, underflows, 1739 entry0,
1738 name); 1740 entry0 + total_size,
1741 hook_entries,
1742 underflows,
1743 name);
1739 if (ret != 0) 1744 if (ret != 0)
1740 goto out_unlock; 1745 goto out_unlock;
1741 ++j; 1746 ++j;
@@ -1779,8 +1784,8 @@ translate_compat_table(struct net *net,
1779 pos = entry1; 1784 pos = entry1;
1780 size = total_size; 1785 size = total_size;
1781 xt_entry_foreach(iter0, entry0, total_size) { 1786 xt_entry_foreach(iter0, entry0, total_size) {
1782 ret = compat_copy_entry_from_user(iter0, &pos, 1787 ret = compat_copy_entry_from_user(iter0, &pos, &size,
1783 &size, name, newinfo, entry1); 1788 name, newinfo, entry1);
1784 if (ret != 0) 1789 if (ret != 0)
1785 break; 1790 break;
1786 } 1791 }
@@ -1960,7 +1965,7 @@ compat_copy_entries_to_user(unsigned int total_size, struct xt_table *table,
1960 size = total_size; 1965 size = total_size;
1961 xt_entry_foreach(iter, loc_cpu_entry, total_size) { 1966 xt_entry_foreach(iter, loc_cpu_entry, total_size) {
1962 ret = compat_copy_entry_to_user(iter, &pos, 1967 ret = compat_copy_entry_to_user(iter, &pos,
1963 &size, counters, i++); 1968 &size, counters, i++);
1964 if (ret != 0) 1969 if (ret != 0)
1965 break; 1970 break;
1966 } 1971 }