aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/bridge/netfilter/ebtables.c20
1 files changed, 11 insertions, 9 deletions
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index c4f10b8865a7..f0d9ffd4c916 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -774,17 +774,12 @@ letscontinue:
774} 774}
775 775
776/* do the parsing of the table/chains/entries/matches/watchers/targets, heh */ 776/* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
777static int translate_table(struct ebt_replace *repl, 777static int translate_table(char *name, struct ebt_table_info *newinfo)
778 struct ebt_table_info *newinfo)
779{ 778{
780 unsigned int i, j, k, udc_cnt; 779 unsigned int i, j, k, udc_cnt;
781 int ret; 780 int ret;
782 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */ 781 struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
783 782
784 ret = ebt_verify_pointers(repl, newinfo);
785 if (ret != 0)
786 return ret;
787
788 i = 0; 783 i = 0;
789 while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i]) 784 while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i])
790 i++; 785 i++;
@@ -889,7 +884,7 @@ static int translate_table(struct ebt_replace *repl,
889 /* used to know what we need to clean up if something goes wrong */ 884 /* used to know what we need to clean up if something goes wrong */
890 i = 0; 885 i = 0;
891 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 886 ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
892 ebt_check_entry, newinfo, repl->name, &i, cl_s, udc_cnt); 887 ebt_check_entry, newinfo, name, &i, cl_s, udc_cnt);
893 if (ret != 0) { 888 if (ret != 0) {
894 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, 889 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
895 ebt_cleanup_entry, &i); 890 ebt_cleanup_entry, &i);
@@ -986,7 +981,11 @@ static int do_replace(void __user *user, unsigned int len)
986 981
987 /* this can get initialized by translate_table() */ 982 /* this can get initialized by translate_table() */
988 newinfo->chainstack = NULL; 983 newinfo->chainstack = NULL;
989 ret = translate_table(&tmp, newinfo); 984 ret = ebt_verify_pointers(&tmp, newinfo);
985 if (ret != 0)
986 goto free_counterstmp;
987
988 ret = translate_table(tmp.name, newinfo);
990 989
991 if (ret != 0) 990 if (ret != 0)
992 goto free_counterstmp; 991 goto free_counterstmp;
@@ -1185,7 +1184,10 @@ int ebt_register_table(struct ebt_table *table)
1185 1184
1186 /* fill in newinfo and parse the entries */ 1185 /* fill in newinfo and parse the entries */
1187 newinfo->chainstack = NULL; 1186 newinfo->chainstack = NULL;
1188 ret = translate_table(table->table, newinfo); 1187 ret = ebt_verify_pointers(table->table, newinfo);
1188 if (ret != 0)
1189 goto free_chainstack;
1190 ret = translate_table(table->table->name, newinfo);
1189 if (ret != 0) { 1191 if (ret != 0) {
1190 BUGPRINT("Translate_table failed\n"); 1192 BUGPRINT("Translate_table failed\n");
1191 goto free_chainstack; 1193 goto free_chainstack;