author | /C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu </C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu> | 2008-10-21 12:09:05 +0000 |
---|---|---|
committer | /C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu </C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu> | 2008-10-21 12:09:05 +0000 |
commit | b8d6cfc169bf79b72faaab6ef7940798dbfe9328 (patch) | |
tree | 0bcc128ad3bcfdfca6849cea318e3de51673c6c6 /kernel/ip_set_ipportnethash.c | |
parent | a96e4fca10506462df4ee4035f0f86f09bd9dc34 (diff) |
As the manpage says, zero valued set entries cannot be used with
hash type of sets. Enforce the restriction.
Diffstat (limited to 'kernel/ip_set_ipportnethash.c')
-rw-r--r-- | kernel/ip_set_ipportnethash.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/kernel/ip_set_ipportnethash.c b/kernel/ip_set_ipportnethash.c
index 3783bb8..0f08ba6 100644
--- a/kernel/ip_set_ipportnethash.c
+++ b/kernel/ip_set_ipportnethash.c
@@ -106,10 +106,13 @@ static int
 ipportnethash_utest(struct ip_set *set, const void *data, size_t size,
 ip_set_ip_t *hash_ip)
 {
+ const struct ip_set_ipportnethash *map = set->data;
 const struct ip_set_req_ipportnethash *req = data;
 if (req->cidr <= 0 || req->cidr > 32)
 return -EINVAL;
+ if (!(pack_ip_port(map, req->ip, req->port)))
+ return -ERANGE;
 return (req->cidr == 32 ? ipportnethash_test(set, hash_ip, req->ip, req->port, req->ip1)
@@ -119,6 +122,7 @@ ipportnethash_utest(struct ip_set *set, const void *data, size_t size,
 #define KADT_CONDITION \
 ip_set_ip_t port, ip1; \
+ struct ip_set_ipportnethash *map = set->data; \
 \
 if (flags[index+2] == 0) \
 return 0; \
@@ -127,6 +131,8 @@ ipportnethash_utest(struct ip_set *set, const void *data, size_t size,
 ip1 = ipaddr(skb, flags[index+2]); \
 \
 if (port == INVALID_PORT) \
+ return 0; \
+ if (!(pack_ip_port(map, ip, port))) \
 return 0;
 KADT(ipportnethash, test, ipaddr, port, ip1)
@@ -181,6 +187,8 @@ ipportnethash_add(struct ip_set *set, ip_set_ip_t *hash_ip,
 return -ERANGE;
 *hash_ip = pack_ip_port(map, ip, port);
+ if (!(*hash_ip || ip1))
+ return -ERANGE;
 ret =__ipportnet_add(map, *hash_ip, pack_ip_cidr(ip1, cidr));
 if (ret == 0) { |
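Review bot: The zero check added to ipportnethash_utest is stricter than the one added to ipportnethash_add in the last hunk: here any request whose packed ip/port is zero gets -ERANGE, while add rejects only when both `*hash_ip` and `ip1` are zero. An element that add accepts (packed ip/port zero, `ip1` non-zero) would therefore fail this test with -ERANGE instead of being looked up; the KADT_CONDITION check in the third hunk has the same shape. If only an all-zero pair is meant to be unusable, the condition would be `if (!(pack_ip_port(map, req->ip, req->port) || req->ip1))`; if the stricter rule is intended, add should match it. A one-line comment above the check, e.g. `/* zero-valued entries are not allowed in hash type sets (see manpage) */`, would record why the value is rejected.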
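Review bot: The `map` pointer added to KADT_CONDITION is not const, although the only use visible in this diff is the read-only `pack_ip_port(map, ip, port)` call added in the next hunk. The first hunk already passes a const-qualified `map` to the same function, so the declaration here can be `const struct ip_set_ipportnethash *map = set->data; \`. The macro body continues past the end of this hunk, so any later use of `map` is not visible here.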
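Review bot: The added guard in ipportnethash_add tests the raw `ip1`, but the value actually stored on the following line is `pack_ip_cidr(ip1, cidr)`. pack_ip_cidr is not shown here; if it can yield zero for a non-zero `ip1`, a pair of two zero values could still reach `__ipportnet_add`, which is what the commit sets out to prevent. Checking the packed value closes that gap: compute `ip1 = pack_ip_cidr(ip1, cidr);` before `if (!(*hash_ip || ip1))` and pass `ip1` to `__ipportnet_add`. The function body starts and ends outside this hunk, so the declaration of `ip1` and the earlier range check are not visible.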