projects / GitHub / LineageOS / G12 / android_kernel_amlogic_linux-4.9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1ec1021)
netfilter: nft_lookup: use nft_validate_register_store() to validate types
authorPatrick McHardy <kaber@trash.net>
Sat, 11 Apr 2015 01:27:28 +0000 (02:27 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 13 Apr 2015 14:25:49 +0000 (16:25 +0200)
In preparation of validating the length of a register store, use
nft_validate_register_store() in nft_lookup instead of open coding the
validation.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_tables_api.c patch | blob | blame | history
net/netfilter/nft_lookup.c patch | blob | blame | history

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index a1e4a928f00c25aa9c5855993b52da6989e948f5..c96070e237e73fca90f48a198240249f0e28d39c 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -4169,7 +4169,7 @@ EXPORT_SYMBOL_GPL(nft_validate_output_register);
  *     Validate that a data load uses the appropriate data type for
  *     the destination register and the length is within the bounds.
  *     A value of NULL for the data means that its runtime gathered
- *     data, which is always of type NFT_DATA_VALUE.
+ *     data.
  */
 int nft_validate_register_store(const struct nft_ctx *ctx,
                                enum nft_registers reg,
@@ -4180,10 +4180,11 @@ int nft_validate_register_store(const struct nft_ctx *ctx,
 
        switch (reg) {
        case NFT_REG_VERDICT:
-               if (data == NULL || type != NFT_DATA_VERDICT)
+               if (type != NFT_DATA_VERDICT)
                        return -EINVAL;
 
-               if (data->verdict == NFT_GOTO || data->verdict == NFT_JUMP) {
+               if (data != NULL &&
+                   (data->verdict == NFT_GOTO || data->verdict == NFT_JUMP)) {
                        err = nf_tables_check_loops(ctx, data->chain);
                        if (err < 0)
                                return err;
diff --git a/net/netfilter/nft_lookup.c b/net/netfilter/nft_lookup.c
index d8cf86fb30fc33fdf657a03da1320f331bc38c9a..3e4d8efa76bc21e22a6c504452521669b0408665 100644 (file)
--- a/net/netfilter/nft_lookup.c
+++ b/net/netfilter/nft_lookup.c
@@ -84,11 +84,10 @@ static int nft_lookup_init(const struct nft_ctx *ctx,
                if (err < 0)
                        return err;
 
-               if (priv->dreg == NFT_REG_VERDICT) {
-                       if (set->dtype != NFT_DATA_VERDICT)
-                               return -EINVAL;
-               } else if (set->dtype == NFT_DATA_VERDICT)
-                       return -EINVAL;
+               err = nft_validate_register_store(ctx, priv->dreg, NULL,
+                                                 set->dtype, set->dlen);
+               if (err < 0)
+                       return err;
        } else if (set->flags & NFT_SET_MAP)
                return -EINVAL;