Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e4fd77de authored by Al Viro's avatar Al Viro Committed by David S. Miller
Browse files

[EBTABLES]: Move more stuff into ebt_verify_pointers(). 



Take intialization of ->hook_entry[...], ->entries_size and ->nentries
over there, pull the check for empty chains into the end of that sucker.

Now it's self-contained, so we can move it up in the very beginning of
translate_table() *and* we can rely on ->hook_entry[] being properly
transliterated after it.

Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 70fe9af4

net/bridge/netfilter/ebtables.c

+19 −19
Original line number Diff line number Diff line
@@ -401,6 +401,12 @@ static int ebt_verify_pointers(struct ebt_replace *repl, 
	unsigned int offset = 0;

	int i;



	for (i = 0; i < NF_BR_NUMHOOKS; i++)

		newinfo->hook_entry[i] = NULL;



	newinfo->entries_size = repl->entries_size;

	newinfo->nentries = repl->nentries;



	while (offset < limit) {

		size_t left = limit - offset;

		struct ebt_entry *e = (void *)newinfo->entries + offset;
@@ -440,6 +446,15 @@ static int ebt_verify_pointers(struct ebt_replace *repl, 
		BUGPRINT("entries_size too small\n");

		return -EINVAL;

	}



	/* check if all valid hooks have a chain */

	for (i = 0; i < NF_BR_NUMHOOKS; i++) {

		if (!newinfo->hook_entry[i] &&

		   (valid_hooks & (1 << i))) {

			BUGPRINT("Valid hook without chain\n");

			return -EINVAL;

		}

	}

	return 0;

}
@@ -772,6 +787,10 @@ static int translate_table(struct ebt_replace *repl, 
	int ret;

	struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */



	ret = ebt_verify_pointers(repl, newinfo);

	if (ret != 0)

		return ret;



	i = 0;

	while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i)))

		i++;
@@ -795,16 +814,6 @@ static int translate_table(struct ebt_replace *repl, 
		i = j;

	}



	for (i = 0; i < NF_BR_NUMHOOKS; i++)

		newinfo->hook_entry[i] = NULL;



	newinfo->entries_size = repl->entries_size;

	newinfo->nentries = repl->nentries;



	ret = ebt_verify_pointers(repl, newinfo);

	if (ret != 0)

		return ret;



	/* do some early checkings and initialize some things */

	i = 0; /* holds the expected nr. of entries for the chain */

	j = 0; /* holds the up to now counted entries for the chain */
@@ -829,15 +838,6 @@ static int translate_table(struct ebt_replace *repl, 
		return -EINVAL;

	}



	/* check if all valid hooks have a chain */

	for (i = 0; i < NF_BR_NUMHOOKS; i++) {

		if (newinfo->hook_entry[i] == NULL &&

		   (repl->valid_hooks & (1 << i))) {

			BUGPRINT("Valid hook without chain\n");

			return -EINVAL;

		}

	}



	/* get the location of the udc, put them in an array

	   while we're at it, allocate the chainstack */

	if (udc_cnt) {