diff options
-rw-r--r-- | net/bridge/netfilter/ebtables.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index c4f10b8865a7..f0d9ffd4c916 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c | |||
@@ -774,17 +774,12 @@ letscontinue: | |||
774 | } | 774 | } |
775 | 775 | ||
776 | /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */ | 776 | /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */ |
777 | static int translate_table(struct ebt_replace *repl, | 777 | static int translate_table(char *name, struct ebt_table_info *newinfo) |
778 | struct ebt_table_info *newinfo) | ||
779 | { | 778 | { |
780 | unsigned int i, j, k, udc_cnt; | 779 | unsigned int i, j, k, udc_cnt; |
781 | int ret; | 780 | int ret; |
782 | struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */ | 781 | struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */ |
783 | 782 | ||
784 | ret = ebt_verify_pointers(repl, newinfo); | ||
785 | if (ret != 0) | ||
786 | return ret; | ||
787 | |||
788 | i = 0; | 783 | i = 0; |
789 | while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i]) | 784 | while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i]) |
790 | i++; | 785 | i++; |
@@ -889,7 +884,7 @@ static int translate_table(struct ebt_replace *repl, | |||
889 | /* used to know what we need to clean up if something goes wrong */ | 884 | /* used to know what we need to clean up if something goes wrong */ |
890 | i = 0; | 885 | i = 0; |
891 | ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, | 886 | ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, |
892 | ebt_check_entry, newinfo, repl->name, &i, cl_s, udc_cnt); | 887 | ebt_check_entry, newinfo, name, &i, cl_s, udc_cnt); |
893 | if (ret != 0) { | 888 | if (ret != 0) { |
894 | EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, | 889 | EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, |
895 | ebt_cleanup_entry, &i); | 890 | ebt_cleanup_entry, &i); |
@@ -986,7 +981,11 @@ static int do_replace(void __user *user, unsigned int len) | |||
986 | 981 | ||
987 | /* this can get initialized by translate_table() */ | 982 | /* this can get initialized by translate_table() */ |
988 | newinfo->chainstack = NULL; | 983 | newinfo->chainstack = NULL; |
989 | ret = translate_table(&tmp, newinfo); | 984 | ret = ebt_verify_pointers(&tmp, newinfo); |
985 | if (ret != 0) | ||
986 | goto free_counterstmp; | ||
987 | |||
988 | ret = translate_table(tmp.name, newinfo); | ||
990 | 989 | ||
991 | if (ret != 0) | 990 | if (ret != 0) |
992 | goto free_counterstmp; | 991 | goto free_counterstmp; |
@@ -1185,7 +1184,10 @@ int ebt_register_table(struct ebt_table *table) | |||
1185 | 1184 | ||
1186 | /* fill in newinfo and parse the entries */ | 1185 | /* fill in newinfo and parse the entries */ |
1187 | newinfo->chainstack = NULL; | 1186 | newinfo->chainstack = NULL; |
1188 | ret = translate_table(table->table, newinfo); | 1187 | ret = ebt_verify_pointers(table->table, newinfo); |
1188 | if (ret != 0) | ||
1189 | goto free_chainstack; | ||
1190 | ret = translate_table(table->table->name, newinfo); | ||
1189 | if (ret != 0) { | 1191 | if (ret != 0) { |
1190 | BUGPRINT("Translate_table failed\n"); | 1192 | BUGPRINT("Translate_table failed\n"); |
1191 | goto free_chainstack; | 1193 | goto free_chainstack; |