Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d3c3f424 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller
Browse files

[NETFILTER]: ipt_CLUSTERIP: add compat code 



Adjust structure size and don't expect pointers passed in from
userspace to be valid. Also replace an enum in an ABI structure
by a fixed size type.

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 3569b621

include/linux/netfilter_ipv4/ipt_CLUSTERIP.h

+2 −2
Original line number Diff line number Diff line
@@ -24,7 +24,7 @@ struct ipt_clusterip_tgt_info { 
	u_int16_t num_total_nodes;

	u_int16_t num_local_nodes;

	u_int16_t local_nodes[CLUSTERIP_MAX_NODES];

	enum clusterip_hashmode hash_mode;

	u_int32_t hash_mode;

	u_int32_t hash_initval;



	struct clusterip_config *config;

net/ipv4/netfilter/ipt_CLUSTERIP.c

+20 −19
Original line number Diff line number Diff line
@@ -397,23 +397,7 @@ checkentry(const char *tablename, 
	/* FIXME: further sanity checks */



	config = clusterip_config_find_get(e->ip.dst.s_addr, 1);

	if (config) {

		if (cipinfo->config != NULL) {

			/* Case A: This is an entry that gets reloaded, since

			 * it still has a cipinfo->config pointer. Simply

			 * increase the entry refcount and return */

			if (cipinfo->config != config) {

				printk(KERN_ERR "CLUSTERIP: Reloaded entry "

				       "has invalid config pointer!\n");

				return false;

			}

		} else {

			/* Case B: This is a new rule referring to an existing

			 * clusterip config. */

			cipinfo->config = config;

		}

	} else {

		/* Case C: This is a completely new clusterip config */

	if (!config) {

		if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) {

			printk(KERN_WARNING "CLUSTERIP: no config found for %u.%u.%u.%u, need 'new'\n", NIPQUAD(e->ip.dst.s_addr));

			return false;
@@ -440,8 +424,8 @@ checkentry(const char *tablename, 
			}

			dev_mc_add(config->dev,config->clustermac, ETH_ALEN, 0);

		}

		cipinfo->config = config;

	}

	cipinfo->config = config;



	if (nf_ct_l3proto_try_module_get(target->family) < 0) {

		printk(KERN_WARNING "can't load conntrack support for "
@@ -466,13 +450,30 @@ static void destroy(const struct xt_target *target, void *targinfo) 
	nf_ct_l3proto_module_put(target->family);

}



#ifdef CONFIG_COMPAT

struct compat_ipt_clusterip_tgt_info

{

	u_int32_t	flags;

	u_int8_t	clustermac[6];

	u_int16_t	num_total_nodes;

	u_int16_t	num_local_nodes;

	u_int16_t	local_nodes[CLUSTERIP_MAX_NODES];

	u_int32_t	hash_mode;

	u_int32_t	hash_initval;

	compat_uptr_t	config;

};

#endif /* CONFIG_COMPAT */



static struct xt_target clusterip_tgt __read_mostly = {

	.name		= "CLUSTERIP",

	.family		= AF_INET,

	.target		= target,

	.targetsize	= sizeof(struct ipt_clusterip_tgt_info),

	.checkentry	= checkentry,

	.destroy	= destroy,

	.targetsize	= sizeof(struct ipt_clusterip_tgt_info),

#ifdef CONFIG_COMPAT

	.compatsize	= sizeof(struct compat_ipt_clusterip_tgt_info),

#endif /* CONFIG_COMPAT */

	.me		= THIS_MODULE

};