[NETFILTER]: ip6_tables: resync get_entries() with ip_tables
Resync get_entries() with ip_tables.c by moving the checks from the setsockopt handler to the function itself. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
433665c9d1
commit
d924357c50
1 changed files with 18 additions and 19 deletions
|
@ -1082,17 +1082,29 @@ static int get_info(void __user *user, int *len)
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
get_entries(const struct ip6t_get_entries *entries,
|
get_entries(struct ip6t_get_entries __user *uptr, int *len)
|
||||||
struct ip6t_get_entries __user *uptr)
|
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
struct ip6t_get_entries get;
|
||||||
struct xt_table *t;
|
struct xt_table *t;
|
||||||
|
|
||||||
t = xt_find_table_lock(AF_INET6, entries->name);
|
if (*len < sizeof(get)) {
|
||||||
|
duprintf("get_entries: %u < %u\n", *len, sizeof(get));
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
|
if (copy_from_user(&get, uptr, sizeof(get)) != 0)
|
||||||
|
return -EFAULT;
|
||||||
|
if (*len != sizeof(struct ip6t_get_entries) + get.size) {
|
||||||
|
duprintf("get_entries: %u != %u\n", *len,
|
||||||
|
sizeof(struct ip6t_get_entries) + get.size);
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
|
|
||||||
|
t = xt_find_table_lock(AF_INET6, get.name);
|
||||||
if (t && !IS_ERR(t)) {
|
if (t && !IS_ERR(t)) {
|
||||||
struct xt_table_info *private = t->private;
|
struct xt_table_info *private = t->private;
|
||||||
duprintf("t->private->number = %u\n", private->number);
|
duprintf("t->private->number = %u\n", private->number);
|
||||||
if (entries->size == private->size)
|
if (get.size == private->size)
|
||||||
ret = copy_entries_to_user(private->size,
|
ret = copy_entries_to_user(private->size,
|
||||||
t, uptr->entrytable);
|
t, uptr->entrytable);
|
||||||
else {
|
else {
|
||||||
|
@ -1322,22 +1334,9 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
|
||||||
ret = get_info(user, len);
|
ret = get_info(user, len);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case IP6T_SO_GET_ENTRIES: {
|
case IP6T_SO_GET_ENTRIES:
|
||||||
struct ip6t_get_entries get;
|
ret = get_entries(user, len);
|
||||||
|
|
||||||
if (*len < sizeof(get)) {
|
|
||||||
duprintf("get_entries: %u < %u\n", *len, sizeof(get));
|
|
||||||
ret = -EINVAL;
|
|
||||||
} else if (copy_from_user(&get, user, sizeof(get)) != 0) {
|
|
||||||
ret = -EFAULT;
|
|
||||||
} else if (*len != sizeof(struct ip6t_get_entries) + get.size) {
|
|
||||||
duprintf("get_entries: %u != %u\n", *len,
|
|
||||||
sizeof(struct ip6t_get_entries) + get.size);
|
|
||||||
ret = -EINVAL;
|
|
||||||
} else
|
|
||||||
ret = get_entries(&get, user);
|
|
||||||
break;
|
break;
|
||||||
}
|
|
||||||
|
|
||||||
case IP6T_SO_GET_REVISION_MATCH:
|
case IP6T_SO_GET_REVISION_MATCH:
|
||||||
case IP6T_SO_GET_REVISION_TARGET: {
|
case IP6T_SO_GET_REVISION_TARGET: {
|
||||||
|
|
Loading…
Reference in a new issue