netfilter: x_tables: remove obsolete check

Since 'netfilter: x_tables: validate targets of jumps' change we
validate that the target aligns exactly with beginning of a rule,
so offset test is now redundant.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 668c5dcb3a5fd132fb064df77a9f21252b6300e3..8cefb7a2606b6183229b65f86c32060d9dcc0f58 100644 (file)
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -461,14 +461,6 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
                                if (strcmp(t->target.u.user.name,
                                           XT_STANDARD_TARGET) == 0 &&
                                    newpos >= 0) {
-                                       if (newpos > newinfo->size -
-                                               sizeof(struct arpt_entry)) {
-                                               duprintf("mark_source_chains: "
-                                                       "bad verdict (%i)\n",
-                                                               newpos);
-                                               return 0;
-                                       }
-
                                        /* This a jump; chase it. */
                                        duprintf("Jump rule %u -> %u\n",
                                                 pos, newpos);

diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 4585aa78c4cae4fc46f0dc35a418b1e06d8bb2cc..9340ce0a7549fcfbf4f56dae44245d39bd0e0a8c 100644 (file)
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -542,13 +542,6 @@ mark_source_chains(const struct xt_table_info *newinfo,
                                if (strcmp(t->target.u.user.name,
                                           XT_STANDARD_TARGET) == 0 &&
                                    newpos >= 0) {
-                                       if (newpos > newinfo->size -
-                                               sizeof(struct ipt_entry)) {
-                                               duprintf("mark_source_chains: "
-                                                       "bad verdict (%i)\n",
-                                                               newpos);
-                                               return 0;
-                                       }
                                        /* This a jump; chase it. */
                                        duprintf("Jump rule %u -> %u\n",
                                                 pos, newpos);

diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index fd06251f504c1f14a1b72ed51c9627f89d2f2871..aa010856a255c71cadf324dfdec03541abce4ce9 100644 (file)
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -554,13 +554,6 @@ mark_source_chains(const struct xt_table_info *newinfo,
                                if (strcmp(t->target.u.user.name,
                                           XT_STANDARD_TARGET) == 0 &&
                                    newpos >= 0) {
-                                       if (newpos > newinfo->size -
-                                               sizeof(struct ip6t_entry)) {
-                                               duprintf("mark_source_chains: "
-                                                       "bad verdict (%i)\n",
-                                                               newpos);
-                                               return 0;
-                                       }
                                        /* This a jump; chase it. */
                                        duprintf("Jump rule %u -> %u\n",
                                                 pos, newpos);