[EBTABLES]: Pull the loop doing __ebt_verify_pointers() into a separate function. (70fe9af4) · Commits · e / devices / android_kernel_fairphone_FP4

net/bridge/netfilter/ebtables.c

+41 −37

Original line number	Original line	Diff line number	Diff line
	@@ -393,25 +393,28 @@ ebt_check_watcher(struct ebt_entry_watcher w, struct ebt_entry e,
	return 0;		return 0;
	}		}

	static inline int		static int ebt_verify_pointers(struct ebt_replace *repl,
	__ebt_verify_pointers(struct ebt_entry *e,		struct ebt_table_info *newinfo)
	struct ebt_table_info newinfo, char base, char *limit,
	struct ebt_entries **hook_entries,
	unsigned int valid_hooks)
	{		{
	unsigned int offset = (char *)e - newinfo->entries;		unsigned int limit = repl->entries_size;
	size_t left = (limit - base) - offset;		unsigned int valid_hooks = repl->valid_hooks;
			unsigned int offset = 0;
	int i;		int i;

			while (offset < limit) {
			size_t left = limit - offset;
			struct ebt_entry e = (void )newinfo->entries + offset;

	if (left < sizeof(unsigned int))		if (left < sizeof(unsigned int))
	goto Esmall;		break;

	for (i = 0; i < NF_BR_NUMHOOKS; i++) {		for (i = 0; i < NF_BR_NUMHOOKS; i++) {
	if ((valid_hooks & (1 << i)) == 0)		if ((valid_hooks & (1 << i)) == 0)
	continue;		continue;
	if ((char *)hook_entries[i] == base + offset)		if ((char *)repl->hook_entry[i] == repl->entries + offset)
	break;		break;
	}		}

	if (i != NF_BR_NUMHOOKS \|\| !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {		if (i != NF_BR_NUMHOOKS \|\| !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
	if (e->bitmask != 0) {		if (e->bitmask != 0) {
	/* we make userspace set this right,		/* we make userspace set this right,
	@@ -420,22 +423,25 @@ __ebt_verify_pointers(struct ebt_entry *e,
	"in distinguisher\n");		"in distinguisher\n");
	return -EINVAL;		return -EINVAL;
	}		}
	if (left < sizeof(struct ebt_entries))
	goto Esmall;
	if (i != NF_BR_NUMHOOKS)		if (i != NF_BR_NUMHOOKS)
	newinfo->hook_entry[i] = (struct ebt_entries *)e;		newinfo->hook_entry[i] = (struct ebt_entries *)e;
	return 0;		if (left < sizeof(struct ebt_entries))
	}		break;
			offset += sizeof(struct ebt_entries);
			} else {
	if (left < sizeof(struct ebt_entry))		if (left < sizeof(struct ebt_entry))
	goto Esmall;		break;
	if (left < e->next_offset)		if (left < e->next_offset)
	goto Esmall;		break;
	return 0;		offset += e->next_offset;
			}
	Esmall:		}
			if (offset != limit) {
	BUGPRINT("entries_size too small\n");		BUGPRINT("entries_size too small\n");
	return -EINVAL;		return -EINVAL;
	}		}
			return 0;
			}

	/*		/*
	* this one is very careful, as it is the first function		* this one is very careful, as it is the first function
	@@ -795,9 +801,7 @@ static int translate_table(struct ebt_replace *repl,
	newinfo->entries_size = repl->entries_size;		newinfo->entries_size = repl->entries_size;
	newinfo->nentries = repl->nentries;		newinfo->nentries = repl->nentries;

	ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,		ret = ebt_verify_pointers(repl, newinfo);
	__ebt_verify_pointers, newinfo, repl->entries,
	repl->entries + repl->entries_size, repl->hook_entry, repl->valid_hooks);
	if (ret != 0)		if (ret != 0)
	return ret;		return ret;