module_put(par.match->me);
}
+static int
+check_entry(const struct ipt_entry *e)
+{
+ const struct xt_entry_target *t;
+
+ if (!ip_checkentry(&e->ip))
+ return -EINVAL;
+
+ if (e->target_offset + sizeof(struct xt_entry_target) >
+ e->next_offset)
+ return -EINVAL;
+
+ t = ipt_get_target_c(e);
+ if (e->target_offset + t->u.target_size > e->next_offset)
+ return -EINVAL;
+
+ return 0;
+}
+
+
static int
check_match(struct xt_entry_match *m, struct xt_mtchk_param *par)
{
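Review bot: check_entry() accepts a target whose `t->u.target_size` is smaller than the target header itself, because the only test on that field is the upper bound `e->target_offset + t->u.target_size > e->next_offset`; a size of 0 passes. It also puts no lower bound on `e->target_offset` and never looks at `e->elems`, so the matches between the entry header and the target are not bounds-checked here, whereas the `xt_check_entry_offsets(e, e->elems, ...)` and `xt_compat_check_entry_offsets(...)` calls removed in the two callers below were handed that range (what those helpers verify is not visible on this page). Since the rule blob presumably originates outside the kernel, I would keep the shared helpers at both call sites, or at minimum add `if (t->u.target_size < sizeof(struct xt_entry_target)) return -EINVAL;` after the `ipt_get_target_c(e)` line.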
return -EINVAL;
}
- if (!ip_checkentry(&e->ip))
- return -EINVAL;
+ err = check_entry(e);
- err = xt_check_entry_offsets(e, e->elems, e->target_offset,
- e->next_offset);
if (err)
return err;
return -EINVAL;
}
- if (!ip_checkentry(&e->ip))
- return -EINVAL;
+ /* For purposes of check_entry casting the compat entry is fine */
+ ret = check_entry((struct ipt_entry *)e);
- ret = xt_compat_check_entry_offsets(e, e->elems,
- e->target_offset, e->next_offset);
if (ret)
return ret;
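Review bot: The cast in `check_entry((struct ipt_entry *)e)` is only safe while check_entry() touches nothing beyond fields that the compat entry lays out identically, and the one-line comment does not say which fields those are. As added above, the helper reads `e->ip`, `e->target_offset`, `e->next_offset` and the target header reached through `ipt_get_target_c(e)`; whether those sit at the same offsets in the compat layout is not shown here and should be confirmed. I would spell that out in the comment, e.g. `/* check_entry() reads only ip, target_offset, next_offset and the target header; these must match the compat layout */`, so a later change to check_entry() that touches `counters` or `elems` is caught in review. The enclosing function starts and ends outside this hunk.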