From 73f72f541ac4dab538d4d418b9bbf1707b31342b Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Mon, 3 Jul 2000 10:17:57 +0000 Subject: Aligning matchsize and targetsize now responsibility of extension writers (PPC fix). --- extensions/libip6t_icmp.c | 4 ++-- extensions/libip6t_standard.c | 4 ++-- extensions/libip6t_tcp.c | 4 ++-- extensions/libip6t_udp.c | 4 ++-- extensions/libipt_DNAT.c | 4 ++-- extensions/libipt_LOG.c | 4 ++-- extensions/libipt_MARK.c | 4 ++-- extensions/libipt_MASQUERADE.c | 4 ++-- extensions/libipt_REDIRECT.c | 4 ++-- extensions/libipt_REJECT.c | 4 ++-- extensions/libipt_SNAT.c | 4 ++-- extensions/libipt_TOS.c | 4 ++-- extensions/libipt_icmp.c | 4 ++-- extensions/libipt_limit.c | 2 +- extensions/libipt_mac.c | 4 ++-- extensions/libipt_mark.c | 4 ++-- extensions/libipt_multiport.c | 4 ++-- extensions/libipt_owner.c | 4 ++-- extensions/libipt_standard.c | 4 ++-- extensions/libipt_state.c | 4 ++-- extensions/libipt_tcp.c | 8 ++++---- extensions/libipt_tos.c | 4 ++-- extensions/libipt_udp.c | 8 ++++---- extensions/libipt_unclean.c | 4 ++-- iptables.c | 39 ++++++++++++++++++++++++++------------- 25 files changed, 77 insertions(+), 64 deletions(-) diff --git a/extensions/libip6t_icmp.c b/extensions/libip6t_icmp.c index d8641129..8025175a 100644 --- a/extensions/libip6t_icmp.c +++ b/extensions/libip6t_icmp.c @@ -264,8 +264,8 @@ struct ip6tables_match icmp = { NULL, "icmp", NETFILTER_VERSION, - sizeof(struct ip6t_icmp), - sizeof(struct ip6t_icmp), + IP6T_ALIGN(sizeof(struct ip6t_icmp)), + IP6T_ALIGN(sizeof(struct ip6t_icmp)), &help, &init, &parse, diff --git a/extensions/libip6t_standard.c b/extensions/libip6t_standard.c index 589b9058..1ffb1d7a 100644 --- a/extensions/libip6t_standard.c +++ b/extensions/libip6t_standard.c @@ -51,8 +51,8 @@ struct ip6tables_target standard = { NULL, "standard", NETFILTER_VERSION, - sizeof(int), - sizeof(int), + IP6T_ALIGN(sizeof(int)), + IP6T_ALIGN(sizeof(int)), &help, &init, &parse, 
diff --git a/extensions/libip6t_tcp.c b/extensions/libip6t_tcp.c index 1cbba9a2..28e7bdf6 100644 --- a/extensions/libip6t_tcp.c +++ b/extensions/libip6t_tcp.c @@ -425,8 +425,8 @@ struct ip6tables_match tcp = { NULL, "tcp", NETFILTER_VERSION, - sizeof(struct ip6t_tcp), - sizeof(struct ip6t_tcp), + IP6T_ALIGN(sizeof(struct ip6t_tcp)), + IP6T_ALIGN(sizeof(struct ip6t_tcp)), &help, &init, &parse, diff --git a/extensions/libip6t_udp.c b/extensions/libip6t_udp.c index f2c0b6ad..7fe16dd7 100644 --- a/extensions/libip6t_udp.c +++ b/extensions/libip6t_udp.c @@ -235,8 +235,8 @@ struct ip6tables_match udp = { NULL, "udp", NETFILTER_VERSION, - sizeof(struct ip6t_udp), - sizeof(struct ip6t_udp), + IP6T_ALIGN(sizeof(struct ip6t_udp)), + IP6T_ALIGN(sizeof(struct ip6t_udp)), &help, &init, &parse, diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c index af08cc0a..8ae9a62b 100644 --- a/extensions/libipt_DNAT.c +++ b/extensions/libipt_DNAT.c @@ -228,8 +228,8 @@ struct iptables_target dnat = { NULL, "DNAT", NETFILTER_VERSION, - sizeof(struct ip_nat_multi_range), - sizeof(struct ip_nat_multi_range), + IPT_ALIGN(sizeof(struct ip_nat_multi_range)), + IPT_ALIGN(sizeof(struct ip_nat_multi_range)), &help, &init, &parse, diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c index d634cd55..f098df2f 100644 --- a/extensions/libipt_LOG.c +++ b/extensions/libipt_LOG.c @@ -244,8 +244,8 @@ struct iptables_target log = { NULL, "LOG", NETFILTER_VERSION, - sizeof(struct ipt_log_info), - sizeof(struct ipt_log_info), + IPT_ALIGN(sizeof(struct ipt_log_info)), + IPT_ALIGN(sizeof(struct ipt_log_info)), &help, &init, &parse, diff --git a/extensions/libipt_MARK.c b/extensions/libipt_MARK.c index b8afe550..ef7d7331 100644 --- a/extensions/libipt_MARK.c +++ b/extensions/libipt_MARK.c 
@@ -104,8 +104,8 @@ struct iptables_target mark = { NULL, "MARK", NETFILTER_VERSION, - sizeof(struct ipt_mark_target_info), - sizeof(struct ipt_mark_target_info), + IPT_ALIGN(sizeof(struct ipt_mark_target_info)), + IPT_ALIGN(sizeof(struct ipt_mark_target_info)), &help, &init, &parse, diff --git a/extensions/libipt_MASQUERADE.c b/extensions/libipt_MASQUERADE.c index 902f06f3..2159016d 100644 --- a/extensions/libipt_MASQUERADE.c +++ b/extensions/libipt_MASQUERADE.c @@ -150,8 +150,8 @@ struct iptables_target masq = { NULL, "MASQUERADE", NETFILTER_VERSION, - sizeof(struct ip_nat_multi_range), - sizeof(struct ip_nat_multi_range), + IPT_ALIGN(sizeof(struct ip_nat_multi_range)), + IPT_ALIGN(sizeof(struct ip_nat_multi_range)), &help, &init, &parse, diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c index dd702430..d729cefe 100644 --- a/extensions/libipt_REDIRECT.c +++ b/extensions/libipt_REDIRECT.c @@ -151,8 +151,8 @@ struct iptables_target redir = { NULL, "REDIRECT", NETFILTER_VERSION, - sizeof(struct ip_nat_multi_range), - sizeof(struct ip_nat_multi_range), + IPT_ALIGN(sizeof(struct ip_nat_multi_range)), + IPT_ALIGN(sizeof(struct ip_nat_multi_range)), &help, &init, &parse, diff --git a/extensions/libipt_REJECT.c b/extensions/libipt_REJECT.c index e13d4b1e..5f723f7c 100644 --- a/extensions/libipt_REJECT.c +++ b/extensions/libipt_REJECT.c @@ -147,8 +147,8 @@ struct iptables_target reject = { NULL, "REJECT", NETFILTER_VERSION, - sizeof(struct ipt_reject_info), - sizeof(struct ipt_reject_info), + IPT_ALIGN(sizeof(struct ipt_reject_info)), + IPT_ALIGN(sizeof(struct ipt_reject_info)), &help, &init, &parse, diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c index e1d27523..83f4ce9e 100644 --- a/extensions/libipt_SNAT.c +++ b/extensions/libipt_SNAT.c 
@@ -228,8 +228,8 @@ struct iptables_target snat = { NULL, "SNAT", NETFILTER_VERSION, - sizeof(struct ip_nat_multi_range), - sizeof(struct ip_nat_multi_range), + IPT_ALIGN(sizeof(struct ip_nat_multi_range)), + IPT_ALIGN(sizeof(struct ip_nat_multi_range)), &help, &init, &parse, diff --git a/extensions/libipt_TOS.c b/extensions/libipt_TOS.c index ed599005..0c91cb54 100644 --- a/extensions/libipt_TOS.c +++ b/extensions/libipt_TOS.c @@ -157,8 +157,8 @@ struct iptables_target tos = { NULL, "TOS", NETFILTER_VERSION, - sizeof(struct ipt_tos_target_info), - sizeof(struct ipt_tos_target_info), + IPT_ALIGN(sizeof(struct ipt_tos_target_info)), + IPT_ALIGN(sizeof(struct ipt_tos_target_info)), &help, &init, &parse, diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c index 0a47e412..63905181 100644 --- a/extensions/libipt_icmp.c +++ b/extensions/libipt_icmp.c @@ -279,8 +279,8 @@ struct iptables_match icmp = { NULL, "icmp", NETFILTER_VERSION, - sizeof(struct ipt_icmp), - sizeof(struct ipt_icmp), + IPT_ALIGN(sizeof(struct ipt_icmp)), + IPT_ALIGN(sizeof(struct ipt_icmp)), &help, &init, &parse, diff --git a/extensions/libipt_limit.c b/extensions/libipt_limit.c index e7dda7bc..58c2ebd0 100644 --- a/extensions/libipt_limit.c +++ b/extensions/libipt_limit.c @@ -181,7 +181,7 @@ struct iptables_match limit = { NULL, "limit", NETFILTER_VERSION, - sizeof(struct ipt_rateinfo), + IPT_ALIGN(sizeof(struct ipt_rateinfo)), offsetof(struct ipt_rateinfo, prev), &help, &init, diff --git a/extensions/libipt_mac.c b/extensions/libipt_mac.c index f740ecc5..6d61d605 100644 --- a/extensions/libipt_mac.c +++ b/extensions/libipt_mac.c @@ -128,8 +128,8 @@ struct iptables_match mac = { NULL, "mac", NETFILTER_VERSION, - sizeof(struct ipt_mac_info), - sizeof(struct ipt_mac_info), + IPT_ALIGN(sizeof(struct ipt_mac_info)), + IPT_ALIGN(sizeof(struct ipt_mac_info)), &help, &init, &parse, diff --git a/extensions/libipt_mark.c b/extensions/libipt_mark.c index 2cd6193b..aced5475 100644 
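Review bot: In the libipt_limit.c hunk only the first size field is wrapped in `IPT_ALIGN`, while the second stays `offsetof(struct ipt_rateinfo, prev)`, and nothing on the line explains why this extension differs from every other initialiser in the commit. A short comment such as `/* userspacesize: compared only up to 'prev', so left unaligned */` would stop a later cleanup from "fixing" it. That wording is inferred from how make_delete_mask in iptables.c uses userspacesize as a plain byte count, so confirm it against the struct definition, which is not shown here.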
--- a/extensions/libipt_mark.c +++ b/extensions/libipt_mark.c @@ -112,8 +112,8 @@ struct iptables_match mark = { NULL, "mark", NETFILTER_VERSION, - sizeof(struct ipt_mark_info), - sizeof(struct ipt_mark_info), + IPT_ALIGN(sizeof(struct ipt_mark_info)), + IPT_ALIGN(sizeof(struct ipt_mark_info)), &help, &init, &parse, diff --git a/extensions/libipt_multiport.c b/extensions/libipt_multiport.c index 8c58bddd..bac4621f 100644 --- a/extensions/libipt_multiport.c +++ b/extensions/libipt_multiport.c @@ -245,8 +245,8 @@ struct iptables_match multiport = { NULL, "multiport", NETFILTER_VERSION, - sizeof(struct ipt_multiport), - sizeof(struct ipt_multiport), + IPT_ALIGN(sizeof(struct ipt_multiport)), + IPT_ALIGN(sizeof(struct ipt_multiport)), &help, &init, &parse, diff --git a/extensions/libipt_owner.c b/extensions/libipt_owner.c index 027f5383..233cd0be 100644 --- a/extensions/libipt_owner.c +++ b/extensions/libipt_owner.c @@ -203,8 +203,8 @@ struct iptables_match owner = { NULL, "owner", NETFILTER_VERSION, - sizeof(struct ipt_owner_info), - sizeof(struct ipt_owner_info), + IPT_ALIGN(sizeof(struct ipt_owner_info)), + IPT_ALIGN(sizeof(struct ipt_owner_info)), &help, &init, &parse, diff --git a/extensions/libipt_standard.c b/extensions/libipt_standard.c index c63669f0..22db24ba 100644 --- a/extensions/libipt_standard.c +++ b/extensions/libipt_standard.c @@ -51,8 +51,8 @@ struct iptables_target standard = { NULL, "standard", NETFILTER_VERSION, - sizeof(int), - sizeof(int), + IPT_ALIGN(sizeof(int)), + IPT_ALIGN(sizeof(int)), &help, &init, &parse, diff --git a/extensions/libipt_state.c b/extensions/libipt_state.c index d3dcbc2d..d21ccf16 100644 --- a/extensions/libipt_state.c +++ b/extensions/libipt_state.c @@ -146,8 +146,8 @@ struct iptables_match state = { NULL, "state", NETFILTER_VERSION, - sizeof(struct ipt_state_info), - sizeof(struct ipt_state_info), + IPT_ALIGN(sizeof(struct ipt_state_info)), + IPT_ALIGN(sizeof(struct ipt_state_info)), &help, &init, &parse, 
diff --git a/extensions/libipt_tcp.c b/extensions/libipt_tcp.c index 276d0e2a..47336f6c 100644 --- a/extensions/libipt_tcp.c +++ b/extensions/libipt_tcp.c @@ -374,7 +374,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match) const struct ipt_tcp *tcpinfo = (struct ipt_tcp *)match->data; if (tcpinfo->spts[0] != 0 - && tcpinfo->spts[1] != 0xFFFF) { + || tcpinfo->spts[1] != 0xFFFF) { if (tcpinfo->invflags & IPT_TCP_INV_SRCPT) printf("! "); if (tcpinfo->spts[0] @@ -388,7 +388,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match) } if (tcpinfo->dpts[0] != 0 - && tcpinfo->dpts[1] != 0xFFFF) { + || tcpinfo->dpts[1] != 0xFFFF) { if (tcpinfo->invflags & IPT_TCP_INV_DSTPT) printf("! "); if (tcpinfo->dpts[0] @@ -425,8 +425,8 @@ struct iptables_match tcp = { NULL, "tcp", NETFILTER_VERSION, - sizeof(struct ipt_tcp), - sizeof(struct ipt_tcp), + IPT_ALIGN(sizeof(struct ipt_tcp)), + IPT_ALIGN(sizeof(struct ipt_tcp)), &help, &init, &parse, diff --git a/extensions/libipt_tos.c b/extensions/libipt_tos.c index 99c89ea7..ec83e18d 100644 --- a/extensions/libipt_tos.c +++ b/extensions/libipt_tos.c @@ -155,8 +155,8 @@ struct iptables_match tos = { NULL, "tos", NETFILTER_VERSION, - sizeof(struct ipt_tos_info), - sizeof(struct ipt_tos_info), + IPT_ALIGN(sizeof(struct ipt_tos_info)), + IPT_ALIGN(sizeof(struct ipt_tos_info)), &help, &init, &parse, diff --git a/extensions/libipt_udp.c b/extensions/libipt_udp.c index 507937b1..06c61c51 100644 --- a/extensions/libipt_udp.c +++ b/extensions/libipt_udp.c @@ -203,7 +203,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match) const struct ipt_udp *udpinfo = (struct ipt_udp *)match->data; if (udpinfo->spts[0] != 0 - && udpinfo->spts[1] != 0xFFFF) { + || udpinfo->spts[1] != 0xFFFF) { if (udpinfo->invflags & IPT_UDP_INV_SRCPT) printf("! "); if (udpinfo->spts[0] 
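Review bot: The `&&` to `||` change in save() of libipt_tcp.c (the spts and dpts tests, and the same pair in libipt_udp.c) alters what is written to the saved rule set, yet the commit subject mentions only size alignment. With the old condition a range such as 0:1024 or 1024:65535 was not printed, so a restored rule would match more ports than the original; that fix deserves its own line in the commit message. libip6t_tcp.c and libip6t_udp.c are touched here only in their struct initialisers, so if their save() carries the same `&&` test it remains unfixed, which is worth checking because those functions are outside this diff. save() itself begins before and continues past these hunks.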
@@ -217,7 +217,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match) } if (udpinfo->dpts[0] != 0 - && udpinfo->dpts[1] != 0xFFFF) { + || udpinfo->dpts[1] != 0xFFFF) { if (udpinfo->invflags & IPT_UDP_INV_DSTPT) printf("! "); if (udpinfo->dpts[0] @@ -235,8 +235,8 @@ struct iptables_match udp = { NULL, "udp", NETFILTER_VERSION, - sizeof(struct ipt_udp), - sizeof(struct ipt_udp), + IPT_ALIGN(sizeof(struct ipt_udp)), + IPT_ALIGN(sizeof(struct ipt_udp)), &help, &init, &parse, diff --git a/extensions/libipt_unclean.c b/extensions/libipt_unclean.c index bef513e6..c433bc7c 100644 --- a/extensions/libipt_unclean.c +++ b/extensions/libipt_unclean.c @@ -50,8 +50,8 @@ struct iptables_match unclean = { NULL, "unclean", NETFILTER_VERSION, - 0, - 0, + IPT_ALIGN(0), + IPT_ALIGN(0), &help, &init, &parse, diff --git a/iptables.c b/iptables.c index a3ce827c..6d62cabc 100644 --- a/iptables.c +++ b/iptables.c @@ -928,6 +928,12 @@ register_match(struct iptables_match *me) exit(1); } + if (me->size != IPT_ALIGN(me->size)) { + fprintf(stderr, "%s: match `%s' has invalid size %u.\n", + program_name, me->name, me->size); + exit(1); + } + /* Prepend to list. */ me->next = iptables_matches; iptables_matches = me; @@ -952,6 +958,12 @@ register_target(struct iptables_target *me) exit(1); } + if (me->size != IPT_ALIGN(me->size)) { + fprintf(stderr, "%s: target `%s' has invalid size %u.\n", + program_name, me->name, me->size); + exit(1); + } + /* Prepend to list. */ me->next = iptables_targets; iptables_targets = me; @@ -1266,10 +1278,10 @@ make_delete_mask(struct ipt_entry *fw) size = sizeof(struct ipt_entry); for (m = iptables_matches; m; m = m->next) - size += sizeof(struct ipt_entry_match) + m->size; + size += IPT_ALIGN(sizeof(struct ipt_entry_match)) + m->size; mask = fw_calloc(1, size - + sizeof(struct ipt_entry_target) + + IPT_ALIGN(sizeof(struct ipt_entry_target)) + iptables_targets->size); memset(mask, 0xFF, sizeof(struct ipt_entry)); 
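Review bot: The new check in register_match (iptables.c) validates `me->size` but not `me->userspacesize`, although make_delete_mask in this same commit reserves `IPT_ALIGN(sizeof(struct ipt_entry_match)) + m->size` per match and then memsets `IPT_ALIGN(sizeof(struct ipt_entry_match)) + m->userspacesize` bytes. An extension that declares a userspacesize larger than its size would make that memset run beyond its own slot, and in the case of the final target beyond the end of the calloc'd mask. Since registration is now where extension sizes are vetted, add a test such as `if (me->userspacesize > me->size)` with the same error-and-exit handling next to the alignment test, and likewise in register_target. Both functions start and end outside their hunks.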
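Review bot: In register_target (and the matching message in register_match) `me->size` is printed with `%u`; if the field is declared `size_t`, as the `size_t size` locals in do_command suggest, that is a format/argument mismatch wherever size_t is wider than unsigned int. The declaration is not part of this diff, so confirm it, and if so pass `(unsigned int)me->size` to keep the diagnostic well-defined on all targets.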
@@ -1277,13 +1289,14 @@ make_delete_mask(struct ipt_entry *fw) for (m = iptables_matches; m; m = m->next) { memset(mptr, 0xFF, - sizeof(struct ipt_entry_match) + m->userspacesize); - mptr += sizeof(struct ipt_entry_match) + m->size; + IPT_ALIGN(sizeof(struct ipt_entry_match)) + + m->userspacesize); + mptr += IPT_ALIGN(sizeof(struct ipt_entry_match)) + m->size; } - memset(mptr, 0xFF, sizeof(struct ipt_entry_target)); - mptr += sizeof(struct ipt_entry_target); - memset(mptr, 0xFF, iptables_targets->userspacesize); + memset(mptr, 0xFF, + IPT_ALIGN(sizeof(struct ipt_entry_target)) + + iptables_targets->userspacesize); return mask; } @@ -1703,8 +1716,8 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) if (target) { size_t size; - size = IPT_ALIGN(sizeof(struct ipt_entry_target) - + target->size); + size = IPT_ALIGN(sizeof(struct ipt_entry_target)) + + target->size; target->t = fw_calloc(1, size); target->t->u.target_size = size; @@ -1758,8 +1771,8 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) "unexpected ! flag before --match"); m = find_match(optarg, LOAD_MUST_SUCCEED); - size = IPT_ALIGN(sizeof(struct ipt_entry_match) - + m->size); + size = IPT_ALIGN(sizeof(struct ipt_entry_match)) + + m->size; m->m = fw_calloc(1, size); m->m->u.match_size = size; strcpy(m->m->u.user.name, m->name); @@ -1839,8 +1852,8 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) /* Try loading protocol */ size_t size; - size = IPT_ALIGN(sizeof(struct ipt_entry_match) - + m->size); + size = IPT_ALIGN(sizeof(struct ipt_entry_match)) + + m->size; m->m = fw_calloc(1, size); m->m->u.match_size = size; -- cgit v1.2.3
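Review bot: The loop in the second make_delete_mask hunk fills `IPT_ALIGN(sizeof(struct ipt_entry_match)) + m->userspacesize` bytes but advances `mptr` by the header plus `m->size`, and that difference is the whole point of the mask, yet no comment explains it. Suggest a comment above the loop along the lines of `/* 0xFF over header + userspacesize; the remainder up to size stays 0 */`, adding that the zero bytes are presumably skipped when entries are compared for deletion. The merged target memset also dereferences `iptables_targets` with no NULL check in the visible lines; this is probably guaranteed by the caller, but worth stating in the same comment. The function begins in the previous hunk and before it.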
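Review bot: The three do_command sites (target allocation at -1703, `--match` at -1758, protocol match at -1839) now compute the aligned header size plus `target->size` or `m->size`, and the sum is aligned only because register_match/register_target reject an unaligned `size`; nothing at these sites says so. A one-line comment such as `/* size is pre-aligned, enforced at registration */` would make the dependency visible, or a small static helper could hold the expression once instead of three times. The result is then stored into `u.target_size` / `u.match_size` without a range check; the width of those fields is not shown here, so confirm the sum cannot be truncated. do_command starts and ends outside these hunks.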