diff options
| author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2011-01-20 17:54:26 +0100 |
|---|---|---|
| committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2011-01-20 17:54:26 +0100 |
| commit | 13f42a71e49164769a98fc51033c65a211861404 (patch) | |
| tree | 966741c7765a2cf866f3a67ca4a432178eadfabe /kernel/include | |
| parent | c8396bdc040f4b16e6f6e3f8b81b9fb67a499d9c (diff) | |
Enforce network-order data in the netlink protocol
Allow only network-order data, with NLA_F_NET_BYTEORDER flag.
Sanity checks also added to prevent processing broken messages
where mandatory attributes are missing. (Patrick McHardy's review)
Diffstat (limited to 'kernel/include')
| -rw-r--r-- | kernel/include/linux/netfilter/ipset/ip_set.h | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/kernel/include/linux/netfilter/ipset/ip_set.h b/kernel/include/linux/netfilter/ipset/ip_set.h index 7679b33..61b08f1 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set.h +++ b/kernel/include/linux/netfilter/ipset/ip_set.h @@ -320,15 +320,14 @@ extern int ip_set_test(ip_set_id_t id, const struct sk_buff *skb, /* Utility functions */ extern void * ip_set_alloc(size_t size, gfp_t gfp_mask); extern void ip_set_free(void *members); -extern int ip_set_get_ipaddr4(struct nlattr *attr[], int type, __be32 *ipaddr); -extern int ip_set_get_ipaddr6(struct nlattr *attr[], int type, - union nf_inet_addr *ipaddr); +extern int ip_set_get_ipaddr4(struct nlattr *nla, __be32 *ipaddr); +extern int ip_set_get_ipaddr6(struct nlattr *nla, union nf_inet_addr *ipaddr); static inline int -ip_set_get_hostipaddr4(struct nlattr *attr[], int type, u32 *ipaddr) +ip_set_get_hostipaddr4(struct nlattr *nla, u32 *ipaddr) { __be32 ip; - int ret = ip_set_get_ipaddr4(attr, type, &ip); + int ret = ip_set_get_ipaddr4(nla, &ip); if (ret) return ret; @@ -343,6 +342,19 @@ ip_set_eexist(int ret, u32 flags) return ret == -IPSET_ERR_EXIST && (flags & IPSET_FLAG_EXIST); } +/* Check the NLA_F_NET_BYTEORDER flag */ +static inline bool +ip_set_attr_netorder(struct nlattr *tb[], int type) +{ + return tb[type] && (tb[type]->nla_type & NLA_F_NET_BYTEORDER); +} + +static inline bool +ip_set_optattr_netorder(struct nlattr *tb[], int type) +{ + return !tb[type] || (tb[type]->nla_type & NLA_F_NET_BYTEORDER); +} + /* Useful converters */ static inline u32 ip_set_get_h32(const struct nlattr *attr) |