Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 009e8c96 authored Oct 18, 2007 by Li Zefan Committed by David S. Miller Oct 18, 2007

[NETFILTER]: xt_sctp: fix mistake to pass a pointer where array is required



Macros like SCTP_CHUNKMAP_XXX(chukmap) require chukmap to be an array,
but match_packet() passes a pointer to these macros. Also remove the
ELEMCOUNT macro and fix a bug in SCTP_CHUNKMAP_COPY.

Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 1b83336b

include/linux/netfilter/xt_sctp.h

+5 −8

Original line number	Diff line number	Diff line
		@@ -7,9 +7,6 @@

		#define XT_SCTP_VALID_FLAGS 0x07

		#define ELEMCOUNT(x) (sizeof(x)/sizeof(x[0]))


		struct xt_sctp_flag_info {
		u_int8_t chunktype;
		u_int8_t flag;
		@@ -59,21 +56,21 @@ struct xt_sctp_info {
		#define SCTP_CHUNKMAP_RESET(chunkmap) \
		do { \
		int i; \
		for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
		for (i = 0; i < ARRAY_SIZE(chunkmap); i++) \
		chunkmap[i] = 0; \
		} while (0)

		#define SCTP_CHUNKMAP_SET_ALL(chunkmap) \
		do { \
		int i; \
		for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
		for (i = 0; i < ARRAY_SIZE(chunkmap); i++) \
		chunkmap[i] = ~0; \
		} while (0)

		#define SCTP_CHUNKMAP_COPY(destmap, srcmap) \
		do { \
		int i; \
		for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
		for (i = 0; i < ARRAY_SIZE(srcmap); i++) \
		destmap[i] = srcmap[i]; \
		} while (0)

		@@ -81,7 +78,7 @@ struct xt_sctp_info {
		({ \
		int i; \
		int flag = 1; \
		for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \
		for (i = 0; i < ARRAY_SIZE(chunkmap); i++) { \
		if (chunkmap[i]) { \
		flag = 0; \
		break; \
		@@ -94,7 +91,7 @@ struct xt_sctp_info {
		({ \
		int i; \
		int flag = 1; \
		for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \
		for (i = 0; i < ARRAY_SIZE(chunkmap); i++) { \
		if (chunkmap[i] != ~0) { \
		flag = 0; \
		break; \

net/netfilter/xt_sctp.c

+8 −10

Original line number	Diff line number	Diff line
		@@ -42,21 +42,21 @@ match_flags(const struct xt_sctp_flag_info *flag_info,
		static inline bool
		match_packet(const struct sk_buff *skb,
		unsigned int offset,
		const u_int32_t *chunkmap,
		int chunk_match_type,
		const struct xt_sctp_flag_info *flag_info,
		const int flag_count,
		const struct xt_sctp_info *info,
		bool *hotdrop)
		{
		u_int32_t chunkmapcopy[256 / sizeof (u_int32_t)];
		sctp_chunkhdr_t _sch, *sch;
		int chunk_match_type = info->chunk_match_type;
		const struct xt_sctp_flag_info *flag_info = info->flag_info;
		int flag_count = info->flag_count;

		#ifdef DEBUG_SCTP
		int i = 0;
		#endif

		if (chunk_match_type == SCTP_CHUNK_MATCH_ALL)
		SCTP_CHUNKMAP_COPY(chunkmapcopy, chunkmap);
		SCTP_CHUNKMAP_COPY(chunkmapcopy, info->chunkmap);

		do {
		sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch);
		@@ -73,7 +73,7 @@ match_packet(const struct sk_buff *skb,

		duprintf("skb->len: %d\toffset: %d\n", skb->len, offset);

		if (SCTP_CHUNKMAP_IS_SET(chunkmap, sch->type)) {
		if (SCTP_CHUNKMAP_IS_SET(info->chunkmap, sch->type)) {
		switch (chunk_match_type) {
		case SCTP_CHUNK_MATCH_ANY:
		if (match_flags(flag_info, flag_count,
		@@ -104,7 +104,7 @@ match_packet(const struct sk_buff *skb,

		switch (chunk_match_type) {
		case SCTP_CHUNK_MATCH_ALL:
		return SCTP_CHUNKMAP_IS_CLEAR(chunkmap);
		return SCTP_CHUNKMAP_IS_CLEAR(info->chunkmap);
		case SCTP_CHUNK_MATCH_ANY:
		return false;
		case SCTP_CHUNK_MATCH_ONLY:
		@@ -148,9 +148,7 @@ match(const struct sk_buff *skb,
		&& ntohs(sh->dest) <= info->dpts[1],
		XT_SCTP_DEST_PORTS, info->flags, info->invflags)
		&& SCCHECK(match_packet(skb, protoff + sizeof (sctp_sctphdr_t),
		info->chunkmap, info->chunk_match_type,
		info->flag_info, info->flag_count,
		hotdrop),
		info, hotdrop),
		XT_SCTP_CHUNK_TYPES, info->flags, info->invflags);
		}