Commit f1f7d270 authored by Al Viro's avatar Al Viro Committed by Adrian Bunk

[EBTABLES]: Verify that ebt_entries have zero ->distinguisher.

We need that for iterator to work; existing check had been too weak.
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
parent d559dd79
...@@ -438,7 +438,7 @@ ebt_check_entry_size_and_hooks(struct ebt_entry *e, ...@@ -438,7 +438,7 @@ ebt_check_entry_size_and_hooks(struct ebt_entry *e,
/* beginning of a new chain /* beginning of a new chain
if i == NF_BR_NUMHOOKS it must be a user defined chain */ if i == NF_BR_NUMHOOKS it must be a user defined chain */
if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) { if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) != 0) { if (e->bitmask != 0) {
/* we make userspace set this right, /* we make userspace set this right,
so there is no misunderstanding */ so there is no misunderstanding */
BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set " BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
...@@ -521,7 +521,7 @@ ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo, ...@@ -521,7 +521,7 @@ ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
int i; int i;
/* we're only interested in chain starts */ /* we're only interested in chain starts */
if (e->bitmask & EBT_ENTRY_OR_ENTRIES) if (e->bitmask)
return 0; return 0;
for (i = 0; i < NF_BR_NUMHOOKS; i++) { for (i = 0; i < NF_BR_NUMHOOKS; i++) {
if ((valid_hooks & (1 << i)) == 0) if ((valid_hooks & (1 << i)) == 0)
...@@ -571,7 +571,7 @@ ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt) ...@@ -571,7 +571,7 @@ ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
{ {
struct ebt_entry_target *t; struct ebt_entry_target *t;
if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0) if (e->bitmask == 0)
return 0; return 0;
/* we're done */ /* we're done */
if (cnt && (*cnt)-- == 0) if (cnt && (*cnt)-- == 0)
...@@ -597,7 +597,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, ...@@ -597,7 +597,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
int ret; int ret;
/* don't mess with the struct ebt_entries */ /* don't mess with the struct ebt_entries */
if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0) if (e->bitmask == 0)
return 0; return 0;
if (e->bitmask & ~EBT_F_MASK) { if (e->bitmask & ~EBT_F_MASK) {
...@@ -1320,7 +1320,7 @@ static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase) ...@@ -1320,7 +1320,7 @@ static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase)
char *hlp; char *hlp;
struct ebt_entry_target *t; struct ebt_entry_target *t;
if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0) if (e->bitmask == 0)
return 0; return 0;
hlp = ubase - base + (char *)e + e->target_offset; hlp = ubase - base + (char *)e + e->target_offset;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment