Diffstat (limited to 'net/netfilter/x_tables.c')
-rw-r--r-- | net/netfilter/x_tables.c | 101 |
1 files changed, 24 insertions, 77 deletions
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index 71325fef647d..55cb4d197184 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c @@ -183,6 +183,9 @@ struct xt_match *xt_find_match(u8 af, const char *name, u8 revision) struct xt_match *m; int err = -ENOENT; + if (strnlen(name, XT_EXTENSION_MAXNAMELEN) == XT_EXTENSION_MAXNAMELEN) + return ERR_PTR(-EINVAL); + mutex_lock(&xt[af].mutex); list_for_each_entry(m, &xt[af].match, list) { if (strcmp(m->name, name) == 0) { @@ -229,6 +232,9 @@ struct xt_target *xt_find_target(u8 af, const char *name, u8 revision) struct xt_target *t; int err = -ENOENT; + if (strnlen(name, XT_EXTENSION_MAXNAMELEN) == XT_EXTENSION_MAXNAMELEN) + return ERR_PTR(-EINVAL); + mutex_lock(&xt[af].mutex); list_for_each_entry(t, &xt[af].target, list) { if (strcmp(t->name, name) == 0) { @@ -1489,15 +1495,10 @@ void *xt_unregister_table(struct xt_table *table) EXPORT_SYMBOL_GPL(xt_unregister_table); #ifdef CONFIG_PROC_FS -struct xt_names_priv { - struct seq_net_private p; - u_int8_t af; -}; static void *xt_table_seq_start(struct seq_file *seq, loff_t *pos) { - struct xt_names_priv *priv = seq->private; struct net *net = seq_file_net(seq); - u_int8_t af = priv->af; + u_int8_t af = (unsigned long)PDE_DATA(file_inode(seq->file)); mutex_lock(&xt[af].mutex); return seq_list_start(&net->xt.tables[af], *pos); @@ -1505,17 +1506,15 @@ static void *xt_table_seq_start(struct seq_file *seq, loff_t *pos) static void *xt_table_seq_next(struct seq_file *seq, void *v, loff_t *pos) { - struct xt_names_priv *priv = seq->private; struct net *net = seq_file_net(seq); - u_int8_t af = priv->af; + u_int8_t af = (unsigned long)PDE_DATA(file_inode(seq->file)); return seq_list_next(v, &net->xt.tables[af], pos); } static void xt_table_seq_stop(struct seq_file *seq, void *v) { - struct xt_names_priv *priv = seq->private; - u_int8_t af = priv->af; + u_int8_t af = (unsigned long)PDE_DATA(file_inode(seq->file)); mutex_unlock(&xt[af].mutex); } 
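Review bot: The new guard at the top of xt_find_match carries no comment, and the same two lines are repeated verbatim in xt_find_target in the next hunk, so the reason for the check is easy to lose or to fix in only one place. As far as the hunk shows, the point is that `name` may arrive without a terminating NUL, in which case the `strcmp(m->name, name)` in the list walk below would read past the end of the buffer; I would say so above the test, e.g. `/* reject names that are not NUL-terminated within XT_EXTENSION_MAXNAMELEN before they reach strcmp() */`. Note that strnlen() itself still reads up to XT_EXTENSION_MAXNAMELEN bytes, so the check presumes every caller passes either a properly terminated string or a buffer at least that large; that contract belongs in the function comment. Both function bodies continue outside their hunks.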
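Review bot: The cast `(unsigned long)PDE_DATA(file_inode(seq->file))` is now open-coded in xt_table_seq_start, again in xt_table_seq_next and xt_table_seq_stop (next hunk), and in xt_mttg_seq_next and xt_mttg_seq_stop (later hunks), each time feeding an index into `xt[]`. A single `static inline` helper, for instance `static u8 xt_seq_af(struct seq_file *seq)` returning that expression, would keep the lock taken in start and the unlock in stop visibly tied to the same value. It would also give one place to document that the value is the `af` stored by xt_proto_init when the proc entry is created. No range check is visible here; that is fine only as long as xt_proto_init is the sole source of the proc data, which the helper's comment should state.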
@@ -1536,34 +1535,13 @@ static const struct seq_operations xt_table_seq_ops = { .show = xt_table_seq_show, }; -static int xt_table_open(struct inode *inode, struct file *file) -{ - int ret; - struct xt_names_priv *priv; - - ret = seq_open_net(inode, file, &xt_table_seq_ops, - sizeof(struct xt_names_priv)); - if (!ret) { - priv = ((struct seq_file *)file->private_data)->private; - priv->af = (unsigned long)PDE_DATA(inode); - } - return ret; -} - -static const struct file_operations xt_table_ops = { - .open = xt_table_open, - .read = seq_read, - .llseek = seq_lseek, - .release = seq_release_net, -}; - /* * Traverse state for ip{,6}_{tables,matches} for helping crossing * the multi-AF mutexes. */ struct nf_mttg_trav { struct list_head *head, *curr; - uint8_t class, nfproto; + uint8_t class; }; enum { @@ -1580,6 +1558,7 @@ static void *xt_mttg_seq_next(struct seq_file *seq, void *v, loff_t *ppos, [MTTG_TRAV_NFP_UNSPEC] = MTTG_TRAV_NFP_SPEC, [MTTG_TRAV_NFP_SPEC] = MTTG_TRAV_DONE, }; + uint8_t nfproto = (unsigned long)PDE_DATA(file_inode(seq->file)); struct nf_mttg_trav *trav = seq->private; switch (trav->class) { @@ -1594,9 +1573,9 @@ static void *xt_mttg_seq_next(struct seq_file *seq, void *v, loff_t *ppos, if (trav->curr != trav->head) break; mutex_unlock(&xt[NFPROTO_UNSPEC].mutex); - mutex_lock(&xt[trav->nfproto].mutex); + mutex_lock(&xt[nfproto].mutex); trav->head = trav->curr = is_target ? - &xt[trav->nfproto].target : &xt[trav->nfproto].match; + &xt[nfproto].target : &xt[nfproto].match; trav->class = next_class[trav->class]; break; case MTTG_TRAV_NFP_SPEC: @@ -1628,6 +1607,7 @@ static void *xt_mttg_seq_start(struct seq_file *seq, loff_t *pos, static void xt_mttg_seq_stop(struct seq_file *seq, void *v) { + uint8_t nfproto = (unsigned long)PDE_DATA(file_inode(seq->file)); struct nf_mttg_trav *trav = seq->private; switch (trav->class) { 
@@ -1635,7 +1615,7 @@ static void xt_mttg_seq_stop(struct seq_file *seq, void *v) mutex_unlock(&xt[NFPROTO_UNSPEC].mutex); break; case MTTG_TRAV_NFP_SPEC: - mutex_unlock(&xt[trav->nfproto].mutex); + mutex_unlock(&xt[nfproto].mutex); break; } } @@ -1674,24 +1654,6 @@ static const struct seq_operations xt_match_seq_ops = { .show = xt_match_seq_show, }; -static int xt_match_open(struct inode *inode, struct file *file) -{ - struct nf_mttg_trav *trav; - trav = __seq_open_private(file, &xt_match_seq_ops, sizeof(*trav)); - if (!trav) - return -ENOMEM; - - trav->nfproto = (unsigned long)PDE_DATA(inode); - return 0; -} - -static const struct file_operations xt_match_ops = { - .open = xt_match_open, - .read = seq_read, - .llseek = seq_lseek, - .release = seq_release_private, -}; - static void *xt_target_seq_start(struct seq_file *seq, loff_t *pos) { return xt_mttg_seq_start(seq, pos, true); @@ -1726,24 +1688,6 @@ static const struct seq_operations xt_target_seq_ops = { .show = xt_target_seq_show, }; -static int xt_target_open(struct inode *inode, struct file *file) -{ - struct nf_mttg_trav *trav; - trav = __seq_open_private(file, &xt_target_seq_ops, sizeof(*trav)); - if (!trav) - return -ENOMEM; - - trav->nfproto = (unsigned long)PDE_DATA(inode); - return 0; -} - -static const struct file_operations xt_target_ops = { - .open = xt_target_open, - .read = seq_read, - .llseek = seq_lseek, - .release = seq_release_private, -}; - #define FORMAT_TABLES "_tables_names" #define FORMAT_MATCHES "_tables_matches" #define FORMAT_TARGETS "_tables_targets" 
@@ -1807,8 +1751,9 @@ int xt_proto_init(struct net *net, u_int8_t af) strlcpy(buf, xt_prefix[af], sizeof(buf)); strlcat(buf, FORMAT_TABLES, sizeof(buf)); - proc = proc_create_data(buf, 0440, net->proc_net, &xt_table_ops, - (void *)(unsigned long)af); + proc = proc_create_net_data(buf, 0440, net->proc_net, &xt_table_seq_ops, + sizeof(struct seq_net_private), + (void *)(unsigned long)af); if (!proc) goto out; if (uid_valid(root_uid) && gid_valid(root_gid)) @@ -1816,8 +1761,9 @@ int xt_proto_init(struct net *net, u_int8_t af) strlcpy(buf, xt_prefix[af], sizeof(buf)); strlcat(buf, FORMAT_MATCHES, sizeof(buf)); - proc = proc_create_data(buf, 0440, net->proc_net, &xt_match_ops, - (void *)(unsigned long)af); + proc = proc_create_seq_private(buf, 0440, net->proc_net, + &xt_match_seq_ops, sizeof(struct nf_mttg_trav), + (void *)(unsigned long)af); if (!proc) goto out_remove_tables; if (uid_valid(root_uid) && gid_valid(root_gid)) @@ -1825,8 +1771,9 @@ int xt_proto_init(struct net *net, u_int8_t af) strlcpy(buf, xt_prefix[af], sizeof(buf)); strlcat(buf, FORMAT_TARGETS, sizeof(buf)); - proc = proc_create_data(buf, 0440, net->proc_net, &xt_target_ops, - (void *)(unsigned long)af); + proc = proc_create_seq_private(buf, 0440, net->proc_net, + &xt_target_seq_ops, sizeof(struct nf_mttg_trav), + (void *)(unsigned long)af); if (!proc) goto out_remove_matches; if (uid_valid(root_uid) && gid_valid(root_gid)) |
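Review bot: The three registrations in xt_proto_init now use two different helpers with two different private sizes and nothing says why: the tables file goes through `proc_create_net_data` with `sizeof(struct seq_net_private)`, while the matches and targets files (next two hunks) use `proc_create_seq_private` with `sizeof(struct nf_mttg_trav)`. From the earlier hunks the reason appears to be that xt_table_seq_start calls `seq_file_net(seq)` and walks `net->xt.tables[af]`, whereas the match/target iterators walk the global `xt[nfproto]` lists and only need traversal state. A short comment above the first call would record that, e.g. `/* tables are per-netns (seq_file_net() is used); matches/targets are global and keep only a struct nf_mttg_trav */`. xt_proto_init starts and ends outside these hunks.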