mirror of https://gitee.com/openkylin/linux.git
[EBTABLES]: Move more stuff into ebt_verify_pointers().
Take intialization of ->hook_entry[...], ->entries_size and ->nentries over there, pull the check for empty chains into the end of that sucker. Now it's self-contained, so we can move it up in the very beginning of translate_table() *and* we can rely on ->hook_entry[] being properly transliterated after it. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Al Viro
David S. Miller
parent
70fe9af47e
commit
e4fd77deac
|
|
@ -401,6 +401,12 @@ static int ebt_verify_pointers(struct ebt_replace *repl,
|
|||
unsigned int offset = 0;
|
||||
int i;
|
||||
|
||||
for (i = 0; i < NF_BR_NUMHOOKS; i++)
|
||||
newinfo->hook_entry[i] = NULL;
|
||||
|
||||
newinfo->entries_size = repl->entries_size;
|
||||
newinfo->nentries = repl->nentries;
|
||||
|
||||
while (offset < limit) {
|
||||
size_t left = limit - offset;
|
||||
struct ebt_entry *e = (void *)newinfo->entries + offset;
|
||||
|
|
@ -440,6 +446,15 @@ static int ebt_verify_pointers(struct ebt_replace *repl,
|
|||
BUGPRINT("entries_size too small\n");
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
/* check if all valid hooks have a chain */
|
||||
for (i = 0; i < NF_BR_NUMHOOKS; i++) {
|
||||
if (!newinfo->hook_entry[i] &&
|
||||
(valid_hooks & (1 << i))) {
|
||||
BUGPRINT("Valid hook without chain\n");
|
||||
return -EINVAL;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -772,6 +787,10 @@ static int translate_table(struct ebt_replace *repl,
|
|||
int ret;
|
||||
struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
|
||||
|
||||
ret = ebt_verify_pointers(repl, newinfo);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
i = 0;
|
||||
while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i)))
|
||||
i++;
|
||||
|
|
@ -795,16 +814,6 @@ static int translate_table(struct ebt_replace *repl,
|
|||
i = j;
|
||||
}
|
||||
|
||||
for (i = 0; i < NF_BR_NUMHOOKS; i++)
|
||||
newinfo->hook_entry[i] = NULL;
|
||||
|
||||
newinfo->entries_size = repl->entries_size;
|
||||
newinfo->nentries = repl->nentries;
|
||||
|
||||
ret = ebt_verify_pointers(repl, newinfo);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
/* do some early checkings and initialize some things */
|
||||
i = 0; /* holds the expected nr. of entries for the chain */
|
||||
j = 0; /* holds the up to now counted entries for the chain */
|
||||
|
|
@ -829,15 +838,6 @@ static int translate_table(struct ebt_replace *repl,
|
|||
return -EINVAL;
|
||||
}
|
||||
|
||||
/* check if all valid hooks have a chain */
|
||||
for (i = 0; i < NF_BR_NUMHOOKS; i++) {
|
||||
if (newinfo->hook_entry[i] == NULL &&
|
||||
(repl->valid_hooks & (1 << i))) {
|
||||
BUGPRINT("Valid hook without chain\n");
|
||||
return -EINVAL;
|
||||
}
|
||||
}
|
||||
|
||||
/* get the location of the udc, put them in an array
|
||||
while we're at it, allocate the chainstack */
|
||||
if (udc_cnt) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue