
Commit 18219d3f authored by Jan Engelhardt Committed by Patrick McHardy

netfilter: ebtables: do centralized size checking

parent d2f26037
+3 −0
@@ -215,6 +215,7 @@ struct ebt_match
	int (*check)(const char *tablename, unsigned int hookmask,
	   const struct ebt_entry *e, void *matchdata, unsigned int datalen);
	void (*destroy)(void *matchdata, unsigned int datalen);
	unsigned int matchsize;
	struct module *me;
};

@@ -229,6 +230,7 @@ struct ebt_watcher
	int (*check)(const char *tablename, unsigned int hookmask,
	   const struct ebt_entry *e, void *watcherdata, unsigned int datalen);
	void (*destroy)(void *watcherdata, unsigned int datalen);
	unsigned int targetsize;
	struct module *me;
};

@@ -244,6 +246,7 @@ struct ebt_target
	int (*check)(const char *tablename, unsigned int hookmask,
	   const struct ebt_entry *e, void *targetdata, unsigned int datalen);
	void (*destroy)(void *targetdata, unsigned int datalen);
	unsigned int targetsize;
	struct module *me;
};
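Review bot: In `struct ebt_watcher` the new size member is named `targetsize`, the same name as the member in `struct ebt_target`, while `struct ebt_match` gets `matchsize`; a reader of the header cannot tell whether the shared name is deliberate. None of the three members carries a comment saying what the value is compared against, so I would add one to each, e.g. `/* expected size of the user-supplied data blob; compared with datalen by the ebtables core */`, assuming that is what the centralized check does. On the watcher, either rename the member or add a short note on why it shares the target's name. The three struct definitions begin above these hunks, so any existing member documentation is not visible here.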

+3 −4
@@ -7,10 +7,10 @@
 * May 2003
 *
 */

#include <linux/module.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_802_3.h>
#include <linux/module.h>

static int ebt_filter_802_3(const struct sk_buff *skb, const struct net_device *in,
   const struct net_device *out, const void *data, unsigned int datalen)
@@ -42,8 +42,6 @@ static int ebt_802_3_check(const char *tablename, unsigned int hookmask,
{
	const struct ebt_802_3_info *info = data;

	if (datalen < sizeof(struct ebt_802_3_info))
		return -EINVAL;
	if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK)
		return -EINVAL;

@@ -54,6 +52,7 @@ static struct ebt_match filter_802_3 __read_mostly = {
	.name		= EBT_802_3_MATCH,
	.match		= ebt_filter_802_3,
	.check		= ebt_802_3_check,
	.matchsize	= XT_ALIGN(sizeof(struct ebt_802_3_info)),
	.me		= THIS_MODULE,
};
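Review bot: `ebt_802_3_check` now reads `info->bitmask` and `info->invflags` with no length guard of its own, since the `datalen < sizeof(struct ebt_802_3_info)` test appears to be the pair of lines this hunk drops (it shrinks from 8 to 6 lines). That read is only in bounds if the core compares `datalen` with `.matchsize` before calling `.check`, and that code is not in this section. I would record the precondition on the function, e.g. `/* datalen has already been checked against filter_802_3.matchsize by the ebtables core */`, and say in the commit message that the old test was a lower bound while `XT_ALIGN(sizeof(struct ebt_802_3_info))` reads as an exact size. The same precondition applies to `ebt_target_reply_check` further down, which reads `info->target` as its first test; both functions start and end outside their hunks.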

+1 −0
@@ -216,6 +216,7 @@ static struct ebt_match filter_among __read_mostly = {
	.name		= EBT_AMONG_MATCH,
	.match		= ebt_filter_among,
	.check		= ebt_among_check,
	.matchsize	= -1, /* special case */
	.me		= THIS_MODULE,
};
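Review bot: `.matchsize = -1` stores a negative sentinel in an `unsigned int` member, so the stored value is `UINT_MAX`, and `/* special case */` does not say what is special. If the intent is that ebt_among data is variable-length and exempt from the central comparison, then `ebt_among_check` is the only remaining length validation for this match, and that should be stated where the exemption is declared: `.matchsize = -1, /* variable-length data: skipped by the central size check, ebt_among_check() must validate datalen */`. A named constant for the sentinel would also keep the core's comparison from depending on an implicit signed-to-unsigned conversion. `ebt_among_check` is not in this section, so whether it validates the full length could not be confirmed here.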

+4 −5
@@ -8,12 +8,12 @@
 *  April, 2002
 *
 */

#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_arp.h>
#include <linux/if_arp.h>
#include <linux/if_ether.h>
#include <linux/module.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_arp.h>

static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in,
   const struct net_device *out, const void *data, unsigned int datalen)
@@ -105,8 +105,6 @@ static int ebt_arp_check(const char *tablename, unsigned int hookmask,
{
	const struct ebt_arp_info *info = data;

	if (datalen != EBT_ALIGN(sizeof(struct ebt_arp_info)))
		return -EINVAL;
	if ((e->ethproto != htons(ETH_P_ARP) &&
	   e->ethproto != htons(ETH_P_RARP)) ||
	   e->invflags & EBT_IPROTO)
@@ -120,6 +118,7 @@ static struct ebt_match filter_arp __read_mostly = {
	.name		= EBT_ARP_MATCH,
	.match		= ebt_filter_arp,
	.check		= ebt_arp_check,
	.matchsize	= XT_ALIGN(sizeof(struct ebt_arp_info)),
	.me		= THIS_MODULE,
};
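Review bot: The size that was compared as `EBT_ALIGN(sizeof(struct ebt_arp_info))` is now declared as `XT_ALIGN(sizeof(struct ebt_arp_info))`, and nothing on the page shows that the two macros round to the same boundary. If they can differ on any architecture, rules that existing userspace sized with the ebtables alignment would fail an exact-size comparison. A build-time check in the module's init path would pin this down, for example `BUILD_BUG_ON(XT_ALIGN(sizeof(struct ebt_arp_info)) != EBT_ALIGN(sizeof(struct ebt_arp_info)));`, or else a comment stating why the alignments agree. The arpreply target further down makes the same substitution for `struct ebt_arpreply_info`.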

+4 −5
@@ -8,12 +8,12 @@
 *  August, 2003
 *
 */

#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_arpreply.h>
#include <linux/if_arp.h>
#include <net/arp.h>
#include <linux/module.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_arpreply.h>

static int ebt_target_reply(struct sk_buff *skb, unsigned int hooknr,
   const struct net_device *in, const struct net_device *out,
@@ -63,8 +63,6 @@ static int ebt_target_reply_check(const char *tablename, unsigned int hookmask,
{
	const struct ebt_arpreply_info *info = data;

	if (datalen != EBT_ALIGN(sizeof(struct ebt_arpreply_info)))
		return -EINVAL;
	if (BASE_CHAIN && info->target == EBT_RETURN)
		return -EINVAL;
	if (e->ethproto != htons(ETH_P_ARP) ||
@@ -80,6 +78,7 @@ static struct ebt_target reply_target __read_mostly = {
	.name		= EBT_ARPREPLY_TARGET,
	.target		= ebt_target_reply,
	.check		= ebt_target_reply_check,
	.targetsize	= XT_ALIGN(sizeof(struct ebt_arpreply_info)),
	.me		= THIS_MODULE,
};
