X-Git-Url: https://git.stricted.de/?p=GitHub%2Fmt8127%2Fandroid_kernel_alcatel_ttab.git;a=blobdiff_plain;f=net%2Fipv4%2Fnetfilter%2Fip_tables.c;fp=net%2Fipv4%2Fnetfilter%2Fip_tables.c;h=8672b124e1cc8e38f84e1c963d695b6e40c713dd;hp=92c8f2727ee92492eae43944d05f6a93842070f1;hb=b9e7bc93d665a989f62f385d6982dd8d92c0e7dd;hpb=2ecaf1d025af0f481d00b3701ffbcc600dcab076
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 92c8f2727ee9..8672b124e1cc 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -562,6 +562,26 @@ static void cleanup_match(struct xt_entry_match *m, struct net *net)
 module_put(par.match->me);
 }
 
+static int
+check_entry(const struct ipt_entry *e)
+{
+ const struct xt_entry_target *t;
+
+ if (!ip_checkentry(&e->ip))
+ return -EINVAL;
+
+ if (e->target_offset + sizeof(struct xt_entry_target) >
+ e->next_offset)
+ return -EINVAL;
+
+ t = ipt_get_target_c(e);
+ if (e->target_offset + t->u.target_size > e->next_offset)
+ return -EINVAL;
+
+ return 0;
+}
+
+
 static int
 check_match(struct xt_entry_match *m, struct xt_mtchk_param *par)
 {
@@ -718,11 +738,8 @@ check_entry_size_and_hooks(struct ipt_entry *e,
 return -EINVAL;
 }
 
- if (!ip_checkentry(&e->ip))
- return -EINVAL;
+ err = check_entry(e);
 
- err = xt_check_entry_offsets(e, e->elems, e->target_offset,
- e->next_offset);
 if (err)
 return err;
 
@@ -1447,11 +1464,9 @@ check_compat_entry_size_and_hooks(struct compat_ipt_entry *e,
 return -EINVAL;
 }
 
- if (!ip_checkentry(&e->ip))
- return -EINVAL;
+ /* For purposes of check_entry casting the compat entry is fine */
+ ret = check_entry((struct ipt_entry *)e);
 
- ret = xt_compat_check_entry_offsets(e, e->elems,
- e->target_offset, e->next_offset);
 if (ret)
 return ret;
 
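Review bot: check_entry() bounds only the target against `e->next_offset`; it sets no lower bound on `e->target_offset` or on `t->u.target_size`, and it never inspects the match area between `e->elems` and the target. The calls removed in the two later hunks (check_entry_size_and_hooks and check_compat_entry_size_and_hooks) passed `e->elems` to the shared helpers, which suggests those covered the match area, so both callers appear to lose validation of offsets taken from the rule blob being loaded. Either keep the `xt_check_entry_offsets()` / `xt_compat_check_entry_offsets()` calls, or at minimum add a floor such as `if (t->u.target_size < sizeof(struct xt_entry_target)) return -EINVAL;` after `ipt_get_target_c(e)`, plus a check that `e->target_offset` does not point before `e->elems`. A short comment above check_entry() stating which fields it validates and which it leaves to the callers would make the remaining gap visible to the next reader.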
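Review bot: The cast `(struct ipt_entry *)e` in check_compat_entry_size_and_hooks is only sound while `struct compat_ipt_entry` and `struct ipt_entry` agree in layout for every field check_entry() reads (`ip`, `target_offset`, `next_offset`) and while `sizeof(struct xt_entry_target)` is also the right minimum for a compat target; the new comment asserts this but nothing enforces it. A compile-time guard next to the cast, for example `BUILD_BUG_ON(offsetof(struct compat_ipt_entry, next_offset) != offsetof(struct ipt_entry, next_offset));` (and the same for `target_offset`), would catch a layout change, and the comment should name the fields it relies on instead of saying the cast "is fine". The enclosing function starts and ends outside the hunk, so whether later code re-validates the compat target size cannot be confirmed from here.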