netfilter: ipset: Check extensions attributes before getting extensions.

Make all extensions attributes checks within ip_set_get_extensions() and reduce number of duplicated code. Signed-off-by: Sergey Popovich <popovich_sergei@mail.ua> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
author: Sergey Popovich <popovich_sergei@mail.ua> 2014-11-17 13:44:17 +0200
committer: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2015-03-20 18:58:16 +0100
commit: 2ca2559e391448590532e8b87a135ae27902949f (patch)
tree: d82c5d1e5dd8d0581c8c4b5d704ed7460a6ed015 /kernel/net/netfilter/ipset/ip_set_core.c
parent: 73fa35bf7103c965668d4e9a83bb635ff756cfe8 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c
index 9801bba..3c265e5 100644
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -389,6 +389,15 @@ ip_set_elem_len(struct ip_set *set, struct nlattr *tb[], size_t len)
 	}
 	return offset;
 }
+
+	if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
+		return -IPSET_ERR_PROTOCOL;
+
 EXPORT_SYMBOL_GPL(ip_set_elem_len);
 
 int
author	Sergey Popovich <popovich_sergei@mail.ua>	2014-11-17 13:44:17 +0200
committer	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2015-03-20 18:58:16 +0100
commit	2ca2559e391448590532e8b87a135ae27902949f (patch)
tree	d82c5d1e5dd8d0581c8c4b5d704ed7460a6ed015 /kernel/net/netfilter/ipset/ip_set_core.c
parent	73fa35bf7103c965668d4e9a83bb635ff756cfe8 (diff)