aboutsummaryrefslogtreecommitdiffstats
path: root/net/bridge
diff options
context:
space:
mode:
Diffstat (limited to 'net/bridge')
-rw-r--r--net/bridge/netfilter/ebtables.c38
1 files changed, 19 insertions, 19 deletions
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 2eba40f54233..7ce190c21dd7 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -401,6 +401,12 @@ static int ebt_verify_pointers(struct ebt_replace *repl,
401 unsigned int offset = 0; 401 unsigned int offset = 0;
402 int i; 402 int i;
403 403
404 for (i = 0; i < NF_BR_NUMHOOKS; i++)
405 newinfo->hook_entry[i] = NULL;
406
407 newinfo->entries_size = repl->entries_size;
408 newinfo->nentries = repl->nentries;
409
404 while (offset < limit) { 410 while (offset < limit) {
405 size_t left = limit - offset; 411 size_t left = limit - offset;
406 struct ebt_entry *e = (void *)newinfo->entries + offset; 412 struct ebt_entry *e = (void *)newinfo->entries + offset;
@@ -440,6 +446,15 @@ static int ebt_verify_pointers(struct ebt_replace *repl,
440 BUGPRINT("entries_size too small\n"); 446 BUGPRINT("entries_size too small\n");
441 return -EINVAL; 447 return -EINVAL;
442 } 448 }
449
450 /* check if all valid hooks have a chain */
451 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
452 if (!newinfo->hook_entry[i] &&
453 (valid_hooks & (1 << i))) {
454 BUGPRINT("Valid hook without chain\n");
455 return -EINVAL;
456 }
457 }
443 return 0; 458 return 0;
444} 459}
445 460
@@ -772,6 +787,10 @@ static int translate_table(struct ebt_replace *repl,
772 int ret; 787 int ret;
773 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */ 788 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
774 789
790 ret = ebt_verify_pointers(repl, newinfo);
791 if (ret != 0)
792 return ret;
793
775 i = 0; 794 i = 0;
776 while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i))) 795 while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i)))
777 i++; 796 i++;
@@ -795,16 +814,6 @@ static int translate_table(struct ebt_replace *repl,
795 i = j; 814 i = j;
796 } 815 }
797 816
798 for (i = 0; i < NF_BR_NUMHOOKS; i++)
799 newinfo->hook_entry[i] = NULL;
800
801 newinfo->entries_size = repl->entries_size;
802 newinfo->nentries = repl->nentries;
803
804 ret = ebt_verify_pointers(repl, newinfo);
805 if (ret != 0)
806 return ret;
807
808 /* do some early checkings and initialize some things */ 817 /* do some early checkings and initialize some things */
809 i = 0; /* holds the expected nr. of entries for the chain */ 818 i = 0; /* holds the expected nr. of entries for the chain */
810 j = 0; /* holds the up to now counted entries for the chain */ 819 j = 0; /* holds the up to now counted entries for the chain */
@@ -829,15 +838,6 @@ static int translate_table(struct ebt_replace *repl,
829 return -EINVAL; 838 return -EINVAL;
830 } 839 }
831 840
832 /* check if all valid hooks have a chain */
833 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
834 if (newinfo->hook_entry[i] == NULL &&
835 (repl->valid_hooks & (1 << i))) {
836 BUGPRINT("Valid hook without chain\n");
837 return -EINVAL;
838 }
839 }
840
841 /* get the location of the udc, put them in an array 841 /* get the location of the udc, put them in an array
842 while we're at it, allocate the chainstack */ 842 while we're at it, allocate the chainstack */
843 if (udc_cnt) { 843 if (udc_cnt) {