Diffstat (limited to 'net/netfilter/xt_dccp.c')
| -rw-r--r-- | net/netfilter/xt_dccp.c | 35 |
1 files changed, 21 insertions, 14 deletions
diff --git a/net/netfilter/xt_dccp.c b/net/netfilter/xt_dccp.c
index e5d3e867328..b63d2a3d80b 100644
--- a/net/netfilter/xt_dccp.c
+++ b/net/netfilter/xt_dccp.c
@@ -10,6 +10,7 @@
 #include <linux/module.h>
 #include <linux/skbuff.h>
+#include <linux/slab.h>
 #include <linux/spinlock.h>
 #include <net/ip.h>
 #include <linux/dccp.h>
@@ -45,10 +46,8 @@ dccp_find_option(u_int8_t option,
 unsigned int optlen = dh->dccph_doff*4 - __dccp_hdr_len(dh);
 unsigned int i;
- if (dh->dccph_doff * 4 < __dccp_hdr_len(dh)) {
- *hotdrop = true;
- return false;
- }
+ if (dh->dccph_doff * 4 < __dccp_hdr_len(dh))
+ goto invalid;
 if (!optlen)
 return false;
@@ -57,9 +56,7 @@ dccp_find_option(u_int8_t option,
 op = skb_header_pointer(skb, protoff + optoff, optlen, dccp_optbuf);
 if (op == NULL) {
 /* If we don't have the whole header, drop packet. */
- spin_unlock_bh(&dccp_buflock);
- *hotdrop = true;
- return false;
+ goto partial;
 }
 for (i = 0; i < optlen; ) {
@@ -76,6 +73,12 @@ dccp_find_option(u_int8_t option,
 spin_unlock_bh(&dccp_buflock);
 return false;
+
+partial:
+ spin_unlock_bh(&dccp_buflock);
+invalid:
+ *hotdrop = true;
+ return false;
 }
@@ -93,7 +96,7 @@ match_option(u_int8_t option, const struct sk_buff *skb, unsigned int protoff,
 }
 static bool
-dccp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
+dccp_mt(const struct sk_buff *skb, struct xt_action_param *par)
 {
 const struct xt_dccp_info *info = par->matchinfo;
 const struct dccp_hdr *dh;
@@ -104,7 +107,7 @@ dccp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
 dh = skb_header_pointer(skb, par->thoff, sizeof(_dh), &_dh);
 if (dh == NULL) {
- *par->hotdrop = true;
+ par->hotdrop = true;
 return false;
 }
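Review bot: In the `@@ -45,10 +46,8 @@` hunk of dccp_find_option, the `optlen` initializer `dh->dccph_doff*4 - __dccp_hdr_len(dh)` still runs before the `dccph_doff * 4 < __dccp_hdr_len(dh)` test, so for a too-small data offset the unsigned subtraction wraps before the packet is rejected. The `goto invalid` precedes every visible use of `optlen`, so no wrapped value is consumed as written, but the ordering invites a later edit that reads it early. I would declare `unsigned int optlen;` and assign it after the check, or add `/* optlen is only meaningful once doff has been validated below */`. The function starts and ends outside this hunk.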
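Review bot: In the `@@ -57,9 +56,7 @@` hunk, the copy at `skb_header_pointer(skb, protoff + optoff, optlen, dccp_optbuf)` takes its length from the packet's data-offset field, and nothing visible here ties `optlen` to the size of `dccp_optbuf`. If the bound holds because `dccph_doff` is a narrow field and the buffer is sized for its maximum (the allocation is outside this diff, so that is an assumption), a comment above the call would let a reader confirm it: `/* optlen <= max doff * 4, which dccp_optbuf is sized for */`. The loop body that walks `op[]` is also outside the hunk, so its per-option length handling cannot be reviewed from here.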
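Review bot: In the `@@ -76,6 +73,12 @@` hunk, the new exit labels rely on fall-through from `partial:` into `invalid:`, and which label is safe to jump to depends on whether `dccp_buflock` is held at the jump site. That looks correct for the two gotos in the earlier hunks, since the data-offset check comes before the option copy; the lock acquisition itself is outside the diff, so it is presumed to sit between them. Nothing at the labels records this, so I would add `/* partial: dccp_buflock held; invalid: lock not taken */` above `partial:`. Without it, a future `goto invalid` from inside the locked region would return with the bottom-half lock still held.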
@@ -117,17 +120,21 @@ dccp_mt(const struct sk_buff *skb, const struct xt_match_param *par) && DCCHECK(match_types(dh, info->typemask), XT_DCCP_TYPE, info->flags, info->invflags) && DCCHECK(match_option(info->option, skb, par->thoff, dh, - par->hotdrop), + &par->hotdrop), XT_DCCP_OPTION, info->flags, info->invflags); } -static bool dccp_mt_check(const struct xt_mtchk_param *par) +static int dccp_mt_check(const struct xt_mtchk_param *par) { const struct xt_dccp_info *info = par->matchinfo; - return !(info->flags & ~XT_DCCP_VALID_FLAGS) - && !(info->invflags & ~XT_DCCP_VALID_FLAGS) - && !(info->invflags & ~info->flags); + if (info->flags & ~XT_DCCP_VALID_FLAGS) + return -EINVAL; + if (info->invflags & ~XT_DCCP_VALID_FLAGS) + return -EINVAL; + if (info->invflags & ~info->flags) + return -EINVAL; + return 0; } static struct xt_match dccp_mt_reg[] __read_mostly = { |
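Review bot: `dccp_mt_check` now returns `-EINVAL` from three separate tests with nothing to tell which one rejected the rule, and the third test, `info->invflags & ~info->flags`, has no comment stating the rule it enforces. Since `matchinfo` comes from the rule being loaded, this function is the validation boundary for that data and deserves a line such as `/* only known flag bits are accepted, and a test may be inverted only if it is enabled */` above the checks. The same section changes the last argument of `match_option` to `&par->hotdrop`; that depends on `hotdrop` being a plain `bool` member of `struct xt_action_param`, which is defined outside this diff.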
