From 2ca2559e391448590532e8b87a135ae27902949f Mon Sep 17 00:00:00 2001
From: Sergey Popovich <popovich_sergei@mail.ua>
Date: Mon, 17 Nov 2014 13:44:17 +0200
Subject: netfilter: ipset: Check extensions attributes before getting
 extensions.

Make all extensions attributes checks within ip_set_get_extensions()
and reduce number of duplicated code.

Signed-off-by: Sergey Popovich <popovich_sergei@mail.ua>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
---
 kernel/net/netfilter/ipset/ip_set_core.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'kernel/net/netfilter/ipset/ip_set_core.c')

diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c
index 9801bba..3c265e5 100644
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -389,6 +389,15 @@ ip_set_elem_len(struct ip_set *set, struct nlattr *tb[], size_t len)
 	}
 	return offset;
 }
+
+	if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
+		return -IPSET_ERR_PROTOCOL;
+
 EXPORT_SYMBOL_GPL(ip_set_elem_len);
 
 int
-- 
cgit v1.2.3