-rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 23 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 25 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 25 |
3 files changed, 44 insertions, 29 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 57098dcda294..f07d77f65751 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
@@ -644,8 +644,10 @@ static int translate_table(struct xt_table_info *newinfo, void *entry0, | |||
644 | /* Walk through entries, checking offsets. */ | 644 | /* Walk through entries, checking offsets. */ |
645 | xt_entry_foreach(iter, entry0, newinfo->size) { | 645 | xt_entry_foreach(iter, entry0, newinfo->size) { |
646 | ret = check_entry_size_and_hooks(iter, newinfo, entry0, | 646 | ret = check_entry_size_and_hooks(iter, newinfo, entry0, |
647 | entry0 + repl->size, repl->hook_entry, repl->underflow, | 647 | entry0 + repl->size, |
648 | repl->valid_hooks); | 648 | repl->hook_entry, |
649 | repl->underflow, | ||
650 | repl->valid_hooks); | ||
649 | if (ret != 0) | 651 | if (ret != 0) |
650 | break; | 652 | break; |
651 | ++i; | 653 | ++i; |
@@ -730,7 +732,7 @@ static void get_counters(const struct xt_table_info *t, | |||
730 | i = 0; | 732 | i = 0; |
731 | xt_entry_foreach(iter, t->entries[curcpu], t->size) { | 733 | xt_entry_foreach(iter, t->entries[curcpu], t->size) { |
732 | SET_COUNTER(counters[i], iter->counters.bcnt, | 734 | SET_COUNTER(counters[i], iter->counters.bcnt, |
733 | iter->counters.pcnt); | 735 | iter->counters.pcnt); |
734 | ++i; | 736 | ++i; |
735 | } | 737 | } |
736 | 738 | ||
@@ -741,7 +743,7 @@ static void get_counters(const struct xt_table_info *t, | |||
741 | xt_info_wrlock(cpu); | 743 | xt_info_wrlock(cpu); |
742 | xt_entry_foreach(iter, t->entries[cpu], t->size) { | 744 | xt_entry_foreach(iter, t->entries[cpu], t->size) { |
743 | ADD_COUNTER(counters[i], iter->counters.bcnt, | 745 | ADD_COUNTER(counters[i], iter->counters.bcnt, |
744 | iter->counters.pcnt); | 746 | iter->counters.pcnt); |
745 | ++i; | 747 | ++i; |
746 | } | 748 | } |
747 | xt_info_wrunlock(cpu); | 749 | xt_info_wrunlock(cpu); |
@@ -1356,8 +1358,11 @@ static int translate_compat_table(const char *name, | |||
1356 | /* Walk through entries, checking offsets. */ | 1358 | /* Walk through entries, checking offsets. */ |
1357 | xt_entry_foreach(iter0, entry0, total_size) { | 1359 | xt_entry_foreach(iter0, entry0, total_size) { |
1358 | ret = check_compat_entry_size_and_hooks(iter0, info, &size, | 1360 | ret = check_compat_entry_size_and_hooks(iter0, info, &size, |
1359 | entry0, entry0 + total_size, hook_entries, underflows, | 1361 | entry0, |
1360 | name); | 1362 | entry0 + total_size, |
1363 | hook_entries, | ||
1364 | underflows, | ||
1365 | name); | ||
1361 | if (ret != 0) | 1366 | if (ret != 0) |
1362 | goto out_unlock; | 1367 | goto out_unlock; |
1363 | ++j; | 1368 | ++j; |
@@ -1401,8 +1406,8 @@ static int translate_compat_table(const char *name, | |||
1401 | pos = entry1; | 1406 | pos = entry1; |
1402 | size = total_size; | 1407 | size = total_size; |
1403 | xt_entry_foreach(iter0, entry0, total_size) { | 1408 | xt_entry_foreach(iter0, entry0, total_size) { |
1404 | ret = compat_copy_entry_from_user(iter0, &pos, | 1409 | ret = compat_copy_entry_from_user(iter0, &pos, &size, |
1405 | &size, name, newinfo, entry1); | 1410 | name, newinfo, entry1); |
1406 | if (ret != 0) | 1411 | if (ret != 0) |
1407 | break; | 1412 | break; |
1408 | } | 1413 | } |
@@ -1617,7 +1622,7 @@ static int compat_copy_entries_to_user(unsigned int total_size, | |||
1617 | size = total_size; | 1622 | size = total_size; |
1618 | xt_entry_foreach(iter, loc_cpu_entry, total_size) { | 1623 | xt_entry_foreach(iter, loc_cpu_entry, total_size) { |
1619 | ret = compat_copy_entry_to_user(iter, &pos, | 1624 | ret = compat_copy_entry_to_user(iter, &pos, |
1620 | &size, counters, i++); | 1625 | &size, counters, i++); |
1621 | if (ret != 0) | 1626 | if (ret != 0) |
1622 | break; | 1627 | break; |
1623 | } | 1628 | } |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index c92f4e541cf6..b29c66df8d1f 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
@@ -836,8 +836,10 @@ translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0, | |||
836 | /* Walk through entries, checking offsets. */ | 836 | /* Walk through entries, checking offsets. */ |
837 | xt_entry_foreach(iter, entry0, newinfo->size) { | 837 | xt_entry_foreach(iter, entry0, newinfo->size) { |
838 | ret = check_entry_size_and_hooks(iter, newinfo, entry0, | 838 | ret = check_entry_size_and_hooks(iter, newinfo, entry0, |
839 | entry0 + repl->size, repl->hook_entry, repl->underflow, | 839 | entry0 + repl->size, |
840 | repl->valid_hooks); | 840 | repl->hook_entry, |
841 | repl->underflow, | ||
842 | repl->valid_hooks); | ||
841 | if (ret != 0) | 843 | if (ret != 0) |
842 | return ret; | 844 | return ret; |
843 | ++i; | 845 | ++i; |
@@ -918,7 +920,7 @@ get_counters(const struct xt_table_info *t, | |||
918 | i = 0; | 920 | i = 0; |
919 | xt_entry_foreach(iter, t->entries[curcpu], t->size) { | 921 | xt_entry_foreach(iter, t->entries[curcpu], t->size) { |
920 | SET_COUNTER(counters[i], iter->counters.bcnt, | 922 | SET_COUNTER(counters[i], iter->counters.bcnt, |
921 | iter->counters.pcnt); | 923 | iter->counters.pcnt); |
922 | ++i; | 924 | ++i; |
923 | } | 925 | } |
924 | 926 | ||
@@ -929,7 +931,7 @@ get_counters(const struct xt_table_info *t, | |||
929 | xt_info_wrlock(cpu); | 931 | xt_info_wrlock(cpu); |
930 | xt_entry_foreach(iter, t->entries[cpu], t->size) { | 932 | xt_entry_foreach(iter, t->entries[cpu], t->size) { |
931 | ADD_COUNTER(counters[i], iter->counters.bcnt, | 933 | ADD_COUNTER(counters[i], iter->counters.bcnt, |
932 | iter->counters.pcnt); | 934 | iter->counters.pcnt); |
933 | ++i; /* macro does multi eval of i */ | 935 | ++i; /* macro does multi eval of i */ |
934 | } | 936 | } |
935 | xt_info_wrunlock(cpu); | 937 | xt_info_wrunlock(cpu); |
@@ -1540,7 +1542,7 @@ check_compat_entry_size_and_hooks(struct compat_ipt_entry *e, | |||
1540 | j = 0; | 1542 | j = 0; |
1541 | xt_ematch_foreach(ematch, e) { | 1543 | xt_ematch_foreach(ematch, e) { |
1542 | ret = compat_find_calc_match(ematch, name, | 1544 | ret = compat_find_calc_match(ematch, name, |
1543 | &e->ip, e->comefrom, &off); | 1545 | &e->ip, e->comefrom, &off); |
1544 | if (ret != 0) | 1546 | if (ret != 0) |
1545 | goto release_matches; | 1547 | goto release_matches; |
1546 | ++j; | 1548 | ++j; |
@@ -1701,8 +1703,11 @@ translate_compat_table(struct net *net, | |||
1701 | /* Walk through entries, checking offsets. */ | 1703 | /* Walk through entries, checking offsets. */ |
1702 | xt_entry_foreach(iter0, entry0, total_size) { | 1704 | xt_entry_foreach(iter0, entry0, total_size) { |
1703 | ret = check_compat_entry_size_and_hooks(iter0, info, &size, | 1705 | ret = check_compat_entry_size_and_hooks(iter0, info, &size, |
1704 | entry0, entry0 + total_size, hook_entries, underflows, | 1706 | entry0, |
1705 | name); | 1707 | entry0 + total_size, |
1708 | hook_entries, | ||
1709 | underflows, | ||
1710 | name); | ||
1706 | if (ret != 0) | 1711 | if (ret != 0) |
1707 | goto out_unlock; | 1712 | goto out_unlock; |
1708 | ++j; | 1713 | ++j; |
@@ -1746,8 +1751,8 @@ translate_compat_table(struct net *net, | |||
1746 | pos = entry1; | 1751 | pos = entry1; |
1747 | size = total_size; | 1752 | size = total_size; |
1748 | xt_entry_foreach(iter0, entry0, total_size) { | 1753 | xt_entry_foreach(iter0, entry0, total_size) { |
1749 | ret = compat_copy_entry_from_user(iter0, &pos, | 1754 | ret = compat_copy_entry_from_user(iter0, &pos, &size, |
1750 | &size, name, newinfo, entry1); | 1755 | name, newinfo, entry1); |
1751 | if (ret != 0) | 1756 | if (ret != 0) |
1752 | break; | 1757 | break; |
1753 | } | 1758 | } |
@@ -1927,7 +1932,7 @@ compat_copy_entries_to_user(unsigned int total_size, struct xt_table *table, | |||
1927 | size = total_size; | 1932 | size = total_size; |
1928 | xt_entry_foreach(iter, loc_cpu_entry, total_size) { | 1933 | xt_entry_foreach(iter, loc_cpu_entry, total_size) { |
1929 | ret = compat_copy_entry_to_user(iter, &pos, | 1934 | ret = compat_copy_entry_to_user(iter, &pos, |
1930 | &size, counters, i++); | 1935 | &size, counters, i++); |
1931 | if (ret != 0) | 1936 | if (ret != 0) |
1932 | break; | 1937 | break; |
1933 | } | 1938 | } |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index f7042869198e..9210e312edf1 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -866,8 +866,10 @@ translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0, | |||
866 | /* Walk through entries, checking offsets. */ | 866 | /* Walk through entries, checking offsets. */ |
867 | xt_entry_foreach(iter, entry0, newinfo->size) { | 867 | xt_entry_foreach(iter, entry0, newinfo->size) { |
868 | ret = check_entry_size_and_hooks(iter, newinfo, entry0, | 868 | ret = check_entry_size_and_hooks(iter, newinfo, entry0, |
869 | entry0 + repl->size, repl->hook_entry, repl->underflow, | 869 | entry0 + repl->size, |
870 | repl->valid_hooks); | 870 | repl->hook_entry, |
871 | repl->underflow, | ||
872 | repl->valid_hooks); | ||
871 | if (ret != 0) | 873 | if (ret != 0) |
872 | return ret; | 874 | return ret; |
873 | ++i; | 875 | ++i; |
@@ -948,7 +950,7 @@ get_counters(const struct xt_table_info *t, | |||
948 | i = 0; | 950 | i = 0; |
949 | xt_entry_foreach(iter, t->entries[curcpu], t->size) { | 951 | xt_entry_foreach(iter, t->entries[curcpu], t->size) { |
950 | SET_COUNTER(counters[i], iter->counters.bcnt, | 952 | SET_COUNTER(counters[i], iter->counters.bcnt, |
951 | iter->counters.pcnt); | 953 | iter->counters.pcnt); |
952 | ++i; | 954 | ++i; |
953 | } | 955 | } |
954 | 956 | ||
@@ -959,7 +961,7 @@ get_counters(const struct xt_table_info *t, | |||
959 | xt_info_wrlock(cpu); | 961 | xt_info_wrlock(cpu); |
960 | xt_entry_foreach(iter, t->entries[cpu], t->size) { | 962 | xt_entry_foreach(iter, t->entries[cpu], t->size) { |
961 | ADD_COUNTER(counters[i], iter->counters.bcnt, | 963 | ADD_COUNTER(counters[i], iter->counters.bcnt, |
962 | iter->counters.pcnt); | 964 | iter->counters.pcnt); |
963 | ++i; | 965 | ++i; |
964 | } | 966 | } |
965 | xt_info_wrunlock(cpu); | 967 | xt_info_wrunlock(cpu); |
@@ -1573,7 +1575,7 @@ check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e, | |||
1573 | j = 0; | 1575 | j = 0; |
1574 | xt_ematch_foreach(ematch, e) { | 1576 | xt_ematch_foreach(ematch, e) { |
1575 | ret = compat_find_calc_match(ematch, name, | 1577 | ret = compat_find_calc_match(ematch, name, |
1576 | &e->ipv6, e->comefrom, &off); | 1578 | &e->ipv6, e->comefrom, &off); |
1577 | if (ret != 0) | 1579 | if (ret != 0) |
1578 | goto release_matches; | 1580 | goto release_matches; |
1579 | ++j; | 1581 | ++j; |
@@ -1734,8 +1736,11 @@ translate_compat_table(struct net *net, | |||
1734 | /* Walk through entries, checking offsets. */ | 1736 | /* Walk through entries, checking offsets. */ |
1735 | xt_entry_foreach(iter0, entry0, total_size) { | 1737 | xt_entry_foreach(iter0, entry0, total_size) { |
1736 | ret = check_compat_entry_size_and_hooks(iter0, info, &size, | 1738 | ret = check_compat_entry_size_and_hooks(iter0, info, &size, |
1737 | entry0, entry0 + total_size, hook_entries, underflows, | 1739 | entry0, |
1738 | name); | 1740 | entry0 + total_size, |
1741 | hook_entries, | ||
1742 | underflows, | ||
1743 | name); | ||
1739 | if (ret != 0) | 1744 | if (ret != 0) |
1740 | goto out_unlock; | 1745 | goto out_unlock; |
1741 | ++j; | 1746 | ++j; |
@@ -1779,8 +1784,8 @@ translate_compat_table(struct net *net, | |||
1779 | pos = entry1; | 1784 | pos = entry1; |
1780 | size = total_size; | 1785 | size = total_size; |
1781 | xt_entry_foreach(iter0, entry0, total_size) { | 1786 | xt_entry_foreach(iter0, entry0, total_size) { |
1782 | ret = compat_copy_entry_from_user(iter0, &pos, | 1787 | ret = compat_copy_entry_from_user(iter0, &pos, &size, |
1783 | &size, name, newinfo, entry1); | 1788 | name, newinfo, entry1); |
1784 | if (ret != 0) | 1789 | if (ret != 0) |
1785 | break; | 1790 | break; |
1786 | } | 1791 | } |
@@ -1960,7 +1965,7 @@ compat_copy_entries_to_user(unsigned int total_size, struct xt_table *table, | |||
1960 | size = total_size; | 1965 | size = total_size; |
1961 | xt_entry_foreach(iter, loc_cpu_entry, total_size) { | 1966 | xt_entry_foreach(iter, loc_cpu_entry, total_size) { |
1962 | ret = compat_copy_entry_to_user(iter, &pos, | 1967 | ret = compat_copy_entry_to_user(iter, &pos, |
1963 | &size, counters, i++); | 1968 | &size, counters, i++); |
1964 | if (ret != 0) | 1969 | if (ret != 0) |
1965 | break; | 1970 | break; |
1966 | } | 1971 | } |