summaryrefslogtreecommitdiffstats
path: root/kernel/ip_set_ipportnethash.c
diff options
context:
space:
mode:
Diffstat (limited to 'kernel/ip_set_ipportnethash.c')
-rw-r--r--kernel/ip_set_ipportnethash.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/kernel/ip_set_ipportnethash.c b/kernel/ip_set_ipportnethash.c
index 3783bb8..0f08ba6 100644
--- a/kernel/ip_set_ipportnethash.c
+++ b/kernel/ip_set_ipportnethash.c
@@ -106,10 +106,13 @@ static int
ipportnethash_utest(struct ip_set *set, const void *data, size_t size,
ip_set_ip_t *hash_ip)
{
+ const struct ip_set_ipportnethash *map = set->data;
const struct ip_set_req_ipportnethash *req = data;
if (req->cidr <= 0 || req->cidr > 32)
return -EINVAL;
+ if (!(pack_ip_port(map, req->ip, req->port)))
+ return -ERANGE;
return (req->cidr == 32
? ipportnethash_test(set, hash_ip, req->ip, req->port,
req->ip1)
@@ -119,6 +122,7 @@ ipportnethash_utest(struct ip_set *set, const void *data, size_t size,
#define KADT_CONDITION \
ip_set_ip_t port, ip1; \
+ struct ip_set_ipportnethash *map = set->data; \
\
if (flags[index+2] == 0) \
return 0; \
@@ -127,6 +131,8 @@ ipportnethash_utest(struct ip_set *set, const void *data, size_t size,
ip1 = ipaddr(skb, flags[index+2]); \
\
if (port == INVALID_PORT) \
+ return 0; \
+ if (!(pack_ip_port(map, ip, port))) \
return 0;
KADT(ipportnethash, test, ipaddr, port, ip1)
@@ -181,6 +187,8 @@ ipportnethash_add(struct ip_set *set, ip_set_ip_t *hash_ip,
return -ERANGE;
*hash_ip = pack_ip_port(map, ip, port);
+ if (!(*hash_ip || ip1))
+ return -ERANGE;
ret =__ipportnet_add(map, *hash_ip, pack_ip_cidr(ip1, cidr));
if (ret == 0) {