[EBTABLES]: Move more stuff into ebt_verify_pointers().
Take intialization of ->hook_entry[...], ->entries_size and ->nentries over there, pull the check for empty chains into the end of that sucker. Now it's self-contained, so we can move it up in the very beginning of translate_table() *and* we can rely on ->hook_entry[] being properly transliterated after it. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Al Viro
David S. Miller
@@ -401,6 +401,12 @@ static int ebt_verify_pointers(struct ebt_replace *repl,
|
|||||||
unsigned int offset = 0;
|
unsigned int offset = 0;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
|
for (i = 0; i < NF_BR_NUMHOOKS; i++)
|
||||||
|
newinfo->hook_entry[i] = NULL;
|
||||||
|
|
||||||
|
newinfo->entries_size = repl->entries_size;
|
||||||
|
newinfo->nentries = repl->nentries;
|
||||||
|
|
||||||
while (offset < limit) {
|
while (offset < limit) {
|
||||||
size_t left = limit - offset;
|
size_t left = limit - offset;
|
||||||
struct ebt_entry *e = (void *)newinfo->entries + offset;
|
struct ebt_entry *e = (void *)newinfo->entries + offset;
|
||||||
@@ -440,6 +446,15 @@ static int ebt_verify_pointers(struct ebt_replace *repl,
|
|||||||
BUGPRINT("entries_size too small\n");
|
BUGPRINT("entries_size too small\n");
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* check if all valid hooks have a chain */
|
||||||
|
for (i = 0; i < NF_BR_NUMHOOKS; i++) {
|
||||||
|
if (!newinfo->hook_entry[i] &&
|
||||||
|
(valid_hooks & (1 << i))) {
|
||||||
|
BUGPRINT("Valid hook without chain\n");
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -772,6 +787,10 @@ static int translate_table(struct ebt_replace *repl,
|
|||||||
int ret;
|
int ret;
|
||||||
struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
|
struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
|
||||||
|
|
||||||
|
ret = ebt_verify_pointers(repl, newinfo);
|
||||||
|
if (ret != 0)
|
||||||
|
return ret;
|
||||||
|
|
||||||
i = 0;
|
i = 0;
|
||||||
while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i)))
|
while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i)))
|
||||||
i++;
|
i++;
|
||||||
@@ -795,16 +814,6 @@ static int translate_table(struct ebt_replace *repl,
|
|||||||
i = j;
|
i = j;
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < NF_BR_NUMHOOKS; i++)
|
|
||||||
newinfo->hook_entry[i] = NULL;
|
|
||||||
|
|
||||||
newinfo->entries_size = repl->entries_size;
|
|
||||||
newinfo->nentries = repl->nentries;
|
|
||||||
|
|
||||||
ret = ebt_verify_pointers(repl, newinfo);
|
|
||||||
if (ret != 0)
|
|
||||||
return ret;
|
|
||||||
|
|
||||||
/* do some early checkings and initialize some things */
|
/* do some early checkings and initialize some things */
|
||||||
i = 0; /* holds the expected nr. of entries for the chain */
|
i = 0; /* holds the expected nr. of entries for the chain */
|
||||||
j = 0; /* holds the up to now counted entries for the chain */
|
j = 0; /* holds the up to now counted entries for the chain */
|
||||||
@@ -829,15 +838,6 @@ static int translate_table(struct ebt_replace *repl,
|
|||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* check if all valid hooks have a chain */
|
|
||||||
for (i = 0; i < NF_BR_NUMHOOKS; i++) {
|
|
||||||
if (newinfo->hook_entry[i] == NULL &&
|
|
||||||
(repl->valid_hooks & (1 << i))) {
|
|
||||||
BUGPRINT("Valid hook without chain\n");
|
|
||||||
return -EINVAL;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* get the location of the udc, put them in an array
|
/* get the location of the udc, put them in an array
|
||||||
while we're at it, allocate the chainstack */
|
while we're at it, allocate the chainstack */
|
||||||
if (udc_cnt) {
|
if (udc_cnt) {
|
||||||
|
|||||||
Reference in New Issue
Block a user