netfilter: x_tables: kill check_entry helper

[ Upstream commit aa412ba225dd3bc36d404c28cdc3d674850d80d0 ]

Once we add more sanity testing to xt_check_entry_offsets it
becomes relvant if we're expecting a 32bit 'config_compat' blob
or a normal one.

Since we already have a lot of similar-named functions (check_entry,
compat_check_entry, find_and_check_entry, etc.) and the current
incarnation is short just fold its contents into the callers.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Git-commit: aa412ba225dd3bc36d404c28cdc3d674850d80d0
Git-repo: https://android.googlesource.com/kernel/common/


Signed-off-by: Chinmay Agarwal <chinagar@codeaurora.org>

netfilter: x_tables: check for bogus target offset

[ Upstream commit ce683e5f9d045e5d67d1312a42b359cb2ab2a13c ]

We're currently asserting that targetoff + targetsize <= nextoff.

Extend it to also check that targetoff is >= sizeof(xt_entry).
Since this is generic code, add an argument pointing to the start of the
match/target, we can then derive the base structure size from the delta.

We also need the e->elems pointer in a followup change to validate matches.

Change-Id: Ia0c032eb690e2c33720309900b8edc1936ec3244
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Git-commit: ce683e5f9d045e5d67d1312a42b359cb2ab2a13c
Git-repo: https://android.googlesource.com/kernel/common/


Signed-off-by: Chinmay Agarwal <chinagar@codeaurora.org>