Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dab1531a authored Feb 08, 2010 by Alexey Dobriyan Committed by Patrick McHardy Feb 08, 2010

netfilter: xtables: compat out of scope fix



As per C99 6.2.4(2) when temporary table data goes out of scope,
the behaviour is undefined:

	if (compat) {
		struct foo tmp;
		...
		private = &tmp;
	}
	[dereference private]

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Patrick McHardy <kaber@trash.net>

parent 38c7233b

net/ipv4/netfilter/arp_tables.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -925,10 +925,10 @@ static int get_info(struct net net, void __user user, int *len, int compat)
		if (t && !IS_ERR(t)) {
		struct arpt_getinfo info;
		const struct xt_table_info *private = t->private;

		#ifdef CONFIG_COMPAT
		if (compat) {
		struct xt_table_info tmp;

		if (compat) {
		ret = compat_table_info(private, &tmp);
		xt_compat_flush_offsets(NFPROTO_ARP);
		private = &tmp;

net/ipv4/netfilter/ip_tables.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -1132,10 +1132,10 @@ static int get_info(struct net net, void __user user, int *len, int compat)
		if (t && !IS_ERR(t)) {
		struct ipt_getinfo info;
		const struct xt_table_info *private = t->private;

		#ifdef CONFIG_COMPAT
		if (compat) {
		struct xt_table_info tmp;

		if (compat) {
		ret = compat_table_info(private, &tmp);
		xt_compat_flush_offsets(AF_INET);
		private = &tmp;

net/ipv6/netfilter/ip6_tables.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -1164,10 +1164,10 @@ static int get_info(struct net net, void __user user, int *len, int compat)
		if (t && !IS_ERR(t)) {
		struct ip6t_getinfo info;
		const struct xt_table_info *private = t->private;

		#ifdef CONFIG_COMPAT
		if (compat) {
		struct xt_table_info tmp;

		if (compat) {
		ret = compat_table_info(private, &tmp);
		xt_compat_flush_offsets(AF_INET6);
		private = &tmp;