net/ipv4/netfilter/arp_tables.c +10 −20 Original line number Diff line number Diff line Loading @@ -480,23 +480,6 @@ static int mark_source_chains(const struct xt_table_info *newinfo, return 1; } static inline int check_entry(const struct arpt_entry *e) { const struct xt_entry_target *t; if (!arp_checkentry(&e->arp)) return -EINVAL; if (e->target_offset + sizeof(struct xt_entry_target) > e->next_offset) return -EINVAL; t = arpt_get_target_c(e); if (e->target_offset + t->u.target_size > e->next_offset) return -EINVAL; return 0; } static inline int check_target(struct arpt_entry *e, const char *name) { struct xt_entry_target *t = arpt_get_target(e); Loading Loading @@ -586,7 +569,11 @@ static inline int check_entry_size_and_hooks(struct arpt_entry *e, return -EINVAL; } err = check_entry(e); if (!arp_checkentry(&e->arp)) return -EINVAL; err = xt_check_entry_offsets(e, e->elems, e->target_offset, e->next_offset); if (err) return err; Loading Loading @@ -1228,8 +1215,11 @@ check_compat_entry_size_and_hooks(struct compat_arpt_entry *e, return -EINVAL; } /* For purposes of check_entry casting the compat entry is fine */ ret = check_entry((struct arpt_entry *)e); if (!arp_checkentry(&e->arp)) return -EINVAL; ret = xt_compat_check_entry_offsets(e, e->elems, e->target_offset, e->next_offset); if (ret) return ret; Loading
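Review bot: The kernel-doc for xt_check_entry_offsets (x_tables.c section of this commit) requires that `base` to `base + next_offset` is already known to be accessible, but at the new calls in check_entry_size_and_hooks and check_compat_entry_size_and_hooks the guard that would establish this is outside the hunk; only its closing `return -EINVAL; }` is visible. Confirm that this guard bounds `e + e->next_offset` against the end of the table blob before either offsets helper runs, because `e->target_offset` and `e->next_offset` are read from the entry being validated. A short comment at the call, for example `/* e .. e + next_offset was bounds-checked above; this only validates offsets inside the entry */`, would record the dependency. The same applies to the matching call sites in ip_tables.c and ip6_tables.c.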
net/ipv4/netfilter/ip_tables.c +10 −22 Original line number Diff line number Diff line Loading @@ -573,25 +573,6 @@ static void cleanup_match(struct xt_entry_match *m, struct net *net) module_put(par.match->me); } static int check_entry(const struct ipt_entry *e) { const struct xt_entry_target *t; if (!ip_checkentry(&e->ip)) return -EINVAL; if (e->target_offset + sizeof(struct xt_entry_target) > e->next_offset) return -EINVAL; t = ipt_get_target_c(e); if (e->target_offset + t->u.target_size > e->next_offset) return -EINVAL; return 0; } static int check_match(struct xt_entry_match *m, struct xt_mtchk_param *par) { Loading Loading @@ -749,7 +730,11 @@ check_entry_size_and_hooks(struct ipt_entry *e, return -EINVAL; } err = check_entry(e); if (!ip_checkentry(&e->ip)) return -EINVAL; err = xt_check_entry_offsets(e, e->elems, e->target_offset, e->next_offset); if (err) return err; Loading Loading @@ -1484,8 +1469,11 @@ check_compat_entry_size_and_hooks(struct compat_ipt_entry *e, return -EINVAL; } /* For purposes of check_entry casting the compat entry is fine */ ret = check_entry((struct ipt_entry *)e); if (!ip_checkentry(&e->ip)) return -EINVAL; ret = xt_compat_check_entry_offsets(e, e->elems, e->target_offset, e->next_offset); if (ret) return ret; Loading
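Review bot: The new call in check_entry_size_and_hooks validates offsets and sizes only; by its own kernel-doc, xt_check_entry_offsets does not validate the targets or matches themselves. Code later in the function that reads target fields can therefore rely on no more than the helper guarantees about the target's size. The remainder of the function is outside the hunk, so this needs checking against the full file. In the compat hunk the deleted comment is not replaced; a line such as `/* compat layout: offsets validated by the compat helper, contents checked later */` would keep the intent documented. ip6_tables.c and arp_tables.c follow the same pattern.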
net/ipv6/netfilter/ip6_tables.c +10 −22 Original line number Diff line number Diff line Loading @@ -583,25 +583,6 @@ static void cleanup_match(struct xt_entry_match *m, struct net *net) module_put(par.match->me); } static int check_entry(const struct ip6t_entry *e) { const struct xt_entry_target *t; if (!ip6_checkentry(&e->ipv6)) return -EINVAL; if (e->target_offset + sizeof(struct xt_entry_target) > e->next_offset) return -EINVAL; t = ip6t_get_target_c(e); if (e->target_offset + t->u.target_size > e->next_offset) return -EINVAL; return 0; } static int check_match(struct xt_entry_match *m, struct xt_mtchk_param *par) { const struct ip6t_ip6 *ipv6 = par->entryinfo; Loading Loading @@ -760,7 +741,11 @@ check_entry_size_and_hooks(struct ip6t_entry *e, return -EINVAL; } err = check_entry(e); if (!ip6_checkentry(&e->ipv6)) return -EINVAL; err = xt_check_entry_offsets(e, e->elems, e->target_offset, e->next_offset); if (err) return err; Loading Loading @@ -1495,8 +1480,11 @@ check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e, return -EINVAL; } /* For purposes of check_entry casting the compat entry is fine */ ret = check_entry((struct ip6t_entry *)e); if (!ip6_checkentry(&e->ipv6)) return -EINVAL; ret = xt_compat_check_entry_offsets(e, e->elems, e->target_offset, e->next_offset); if (ret) return ret; Loading
net/netfilter/x_tables.c +3 −0 Original line number Diff line number Diff line Loading @@ -681,6 +681,9 @@ EXPORT_SYMBOL(xt_compat_check_entry_offsets); * * Also see xt_compat_check_entry_offsets for CONFIG_COMPAT version. * * This function does not validate the targets or matches themselves, it * only tests that all the offsets and sizes are correct. * * The arp/ip/ip6t_entry structure @base must have passed following tests: * - it must point to a valid memory location * - base to base + next_offset must be accessible, i.e. not exceed allocated Loading