Commit 7cf7899d9ee31c88c86ea8459fc4db4bd11cc240
1 parent
6c1dd3b6a3
ipset: Stop using NLA_PUT*().
These macros contain a hidden goto, and are thus extremely error prone and make code hard to audit. Signed-off-by: David S. Miller <davem@davemloft.net>
Showing 14 changed files with 309 additions and 258 deletions Side-by-side Diff
- include/linux/netfilter/ipset/ip_set.h
- include/linux/netfilter/ipset/ip_set_ahash.h
- net/netfilter/ipset/ip_set_bitmap_ip.c
- net/netfilter/ipset/ip_set_bitmap_ipmac.c
- net/netfilter/ipset/ip_set_bitmap_port.c
- net/netfilter/ipset/ip_set_core.c
- net/netfilter/ipset/ip_set_hash_ip.c
- net/netfilter/ipset/ip_set_hash_ipport.c
- net/netfilter/ipset/ip_set_hash_ipportip.c
- net/netfilter/ipset/ip_set_hash_ipportnet.c
- net/netfilter/ipset/ip_set_hash_net.c
- net/netfilter/ipset/ip_set_hash_netiface.c
- net/netfilter/ipset/ip_set_hash_netport.c
- net/netfilter/ipset/ip_set_list_set.c
include/linux/netfilter/ipset/ip_set.h
| ... | ... | @@ -411,26 +411,32 @@ |
| 411 | 411 | #define ipset_nest_start(skb, attr) nla_nest_start(skb, attr | NLA_F_NESTED) |
| 412 | 412 | #define ipset_nest_end(skb, start) nla_nest_end(skb, start) |
| 413 | 413 | |
| 414 | -#define NLA_PUT_IPADDR4(skb, type, ipaddr) \ | |
| 415 | -do { \ | |
| 416 | - struct nlattr *__nested = ipset_nest_start(skb, type); \ | |
| 417 | - \ | |
| 418 | - if (!__nested) \ | |
| 419 | - goto nla_put_failure; \ | |
| 420 | - NLA_PUT_NET32(skb, IPSET_ATTR_IPADDR_IPV4, ipaddr); \ | |
| 421 | - ipset_nest_end(skb, __nested); \ | |
| 422 | -} while (0) | |
| 414 | +static inline int nla_put_ipaddr4(struct sk_buff *skb, int type, __be32 ipaddr) | |
| 415 | +{ | |
| 416 | + struct nlattr *__nested = ipset_nest_start(skb, type); | |
| 417 | + int ret; | |
| 423 | 418 | |
| 424 | -#define NLA_PUT_IPADDR6(skb, type, ipaddrptr) \ | |
| 425 | -do { \ | |
| 426 | - struct nlattr *__nested = ipset_nest_start(skb, type); \ | |
| 427 | - \ | |
| 428 | - if (!__nested) \ | |
| 429 | - goto nla_put_failure; \ | |
| 430 | - NLA_PUT(skb, IPSET_ATTR_IPADDR_IPV6, \ | |
| 431 | - sizeof(struct in6_addr), ipaddrptr); \ | |
| 432 | - ipset_nest_end(skb, __nested); \ | |
| 433 | -} while (0) | |
| 419 | + if (!__nested) | |
| 420 | + return -EMSGSIZE; | |
| 421 | + ret = nla_put_net32(skb, IPSET_ATTR_IPADDR_IPV4, ipaddr); | |
| 422 | + if (!ret) | |
| 423 | + ipset_nest_end(skb, __nested); | |
| 424 | + return ret; | |
| 425 | +} | |
| 426 | + | |
| 427 | +static inline int nla_put_ipaddr6(struct sk_buff *skb, int type, const struct in6_addr *ipaddrptr) | |
| 428 | +{ | |
| 429 | + struct nlattr *__nested = ipset_nest_start(skb, type); | |
| 430 | + int ret; | |
| 431 | + | |
| 432 | + if (!__nested) | |
| 433 | + return -EMSGSIZE; | |
| 434 | + ret = nla_put(skb, IPSET_ATTR_IPADDR_IPV6, | |
| 435 | + sizeof(struct in6_addr), ipaddrptr); | |
| 436 | + if (!ret) | |
| 437 | + ipset_nest_end(skb, __nested); | |
| 438 | + return ret; | |
| 439 | +} | |
| 434 | 440 | |
| 435 | 441 | /* Get address from skbuff */ |
| 436 | 442 | static inline __be32 |
include/linux/netfilter/ipset/ip_set_ahash.h
| ... | ... | @@ -594,17 +594,20 @@ |
| 594 | 594 | nested = ipset_nest_start(skb, IPSET_ATTR_DATA); |
| 595 | 595 | if (!nested) |
| 596 | 596 | goto nla_put_failure; |
| 597 | - NLA_PUT_NET32(skb, IPSET_ATTR_HASHSIZE, | |
| 598 | - htonl(jhash_size(h->table->htable_bits))); | |
| 599 | - NLA_PUT_NET32(skb, IPSET_ATTR_MAXELEM, htonl(h->maxelem)); | |
| 597 | + if (nla_put_net32(skb, IPSET_ATTR_HASHSIZE, | |
| 598 | + htonl(jhash_size(h->table->htable_bits))) || | |
| 599 | + nla_put_net32(skb, IPSET_ATTR_MAXELEM, htonl(h->maxelem))) | |
| 600 | + goto nla_put_failure; | |
| 600 | 601 | #ifdef IP_SET_HASH_WITH_NETMASK |
| 601 | - if (h->netmask != HOST_MASK) | |
| 602 | - NLA_PUT_U8(skb, IPSET_ATTR_NETMASK, h->netmask); | |
| 602 | + if (h->netmask != HOST_MASK && | |
| 603 | + nla_put_u8(skb, IPSET_ATTR_NETMASK, h->netmask)) | |
| 604 | + goto nla_put_failure; | |
| 603 | 605 | #endif |
| 604 | - NLA_PUT_NET32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)); | |
| 605 | - NLA_PUT_NET32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize)); | |
| 606 | - if (with_timeout(h->timeout)) | |
| 607 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, htonl(h->timeout)); | |
| 606 | + if (nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) || | |
| 607 | + nla_put_net32(skb, IPSET_ATTR_MEMSIZE, htonl(memsize)) || | |
| 608 | + (with_timeout(h->timeout) && | |
| 609 | + nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(h->timeout)))) | |
| 610 | + goto nla_put_failure; | |
| 608 | 611 | ipset_nest_end(skb, nested); |
| 609 | 612 | |
| 610 | 613 | return 0; |
net/netfilter/ipset/ip_set_bitmap_ip.c
| ... | ... | @@ -109,8 +109,9 @@ |
| 109 | 109 | } else |
| 110 | 110 | goto nla_put_failure; |
| 111 | 111 | } |
| 112 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, | |
| 113 | - htonl(map->first_ip + id * map->hosts)); | |
| 112 | + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, | |
| 113 | + htonl(map->first_ip + id * map->hosts))) | |
| 114 | + goto nla_put_failure; | |
| 114 | 115 | ipset_nest_end(skb, nested); |
| 115 | 116 | } |
| 116 | 117 | ipset_nest_end(skb, atd); |
| ... | ... | @@ -194,10 +195,11 @@ |
| 194 | 195 | } else |
| 195 | 196 | goto nla_put_failure; |
| 196 | 197 | } |
| 197 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, | |
| 198 | - htonl(map->first_ip + id * map->hosts)); | |
| 199 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, | |
| 200 | - htonl(ip_set_timeout_get(members[id]))); | |
| 198 | + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, | |
| 199 | + htonl(map->first_ip + id * map->hosts)) || | |
| 200 | + nla_put_net32(skb, IPSET_ATTR_TIMEOUT, | |
| 201 | + htonl(ip_set_timeout_get(members[id])))) | |
| 202 | + goto nla_put_failure; | |
| 201 | 203 | ipset_nest_end(skb, nested); |
| 202 | 204 | } |
| 203 | 205 | ipset_nest_end(skb, adt); |
| ... | ... | @@ -334,15 +336,16 @@ |
| 334 | 336 | nested = ipset_nest_start(skb, IPSET_ATTR_DATA); |
| 335 | 337 | if (!nested) |
| 336 | 338 | goto nla_put_failure; |
| 337 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, htonl(map->first_ip)); | |
| 338 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP_TO, htonl(map->last_ip)); | |
| 339 | - if (map->netmask != 32) | |
| 340 | - NLA_PUT_U8(skb, IPSET_ATTR_NETMASK, map->netmask); | |
| 341 | - NLA_PUT_NET32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)); | |
| 342 | - NLA_PUT_NET32(skb, IPSET_ATTR_MEMSIZE, | |
| 343 | - htonl(sizeof(*map) + map->memsize)); | |
| 344 | - if (with_timeout(map->timeout)) | |
| 345 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout)); | |
| 339 | + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, htonl(map->first_ip)) || | |
| 340 | + nla_put_ipaddr4(skb, IPSET_ATTR_IP_TO, htonl(map->last_ip)) || | |
| 341 | + (map->netmask != 32 && | |
| 342 | + nla_put_u8(skb, IPSET_ATTR_NETMASK, map->netmask)) || | |
| 343 | + nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) || | |
| 344 | + nla_put_net32(skb, IPSET_ATTR_MEMSIZE, | |
| 345 | + htonl(sizeof(*map) + map->memsize)) || | |
| 346 | + (with_timeout(map->timeout) && | |
| 347 | + nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout)))) | |
| 348 | + goto nla_put_failure; | |
| 346 | 349 | ipset_nest_end(skb, nested); |
| 347 | 350 | |
| 348 | 351 | return 0; |
net/netfilter/ipset/ip_set_bitmap_ipmac.c
| ... | ... | @@ -186,11 +186,12 @@ |
| 186 | 186 | } else |
| 187 | 187 | goto nla_put_failure; |
| 188 | 188 | } |
| 189 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, | |
| 190 | - htonl(map->first_ip + id)); | |
| 191 | - if (elem->match == MAC_FILLED) | |
| 192 | - NLA_PUT(skb, IPSET_ATTR_ETHER, ETH_ALEN, | |
| 193 | - elem->ether); | |
| 189 | + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, | |
| 190 | + htonl(map->first_ip + id)) || | |
| 191 | + (elem->match == MAC_FILLED && | |
| 192 | + nla_put(skb, IPSET_ATTR_ETHER, ETH_ALEN, | |
| 193 | + elem->ether))) | |
| 194 | + goto nla_put_failure; | |
| 194 | 195 | ipset_nest_end(skb, nested); |
| 195 | 196 | } |
| 196 | 197 | ipset_nest_end(skb, atd); |
| 197 | 198 | |
| ... | ... | @@ -314,14 +315,16 @@ |
| 314 | 315 | } else |
| 315 | 316 | goto nla_put_failure; |
| 316 | 317 | } |
| 317 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, | |
| 318 | - htonl(map->first_ip + id)); | |
| 319 | - if (elem->match == MAC_FILLED) | |
| 320 | - NLA_PUT(skb, IPSET_ATTR_ETHER, ETH_ALEN, | |
| 321 | - elem->ether); | |
| 318 | + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, | |
| 319 | + htonl(map->first_ip + id)) || | |
| 320 | + (elem->match == MAC_FILLED && | |
| 321 | + nla_put(skb, IPSET_ATTR_ETHER, ETH_ALEN, | |
| 322 | + elem->ether))) | |
| 323 | + goto nla_put_failure; | |
| 322 | 324 | timeout = elem->match == MAC_UNSET ? elem->timeout |
| 323 | 325 | : ip_set_timeout_get(elem->timeout); |
| 324 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, htonl(timeout)); | |
| 326 | + if (nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(timeout))) | |
| 327 | + goto nla_put_failure; | |
| 325 | 328 | ipset_nest_end(skb, nested); |
| 326 | 329 | } |
| 327 | 330 | ipset_nest_end(skb, atd); |
| ... | ... | @@ -438,14 +441,16 @@ |
| 438 | 441 | nested = ipset_nest_start(skb, IPSET_ATTR_DATA); |
| 439 | 442 | if (!nested) |
| 440 | 443 | goto nla_put_failure; |
| 441 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, htonl(map->first_ip)); | |
| 442 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP_TO, htonl(map->last_ip)); | |
| 443 | - NLA_PUT_NET32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)); | |
| 444 | - NLA_PUT_NET32(skb, IPSET_ATTR_MEMSIZE, | |
| 445 | - htonl(sizeof(*map) | |
| 446 | - + (map->last_ip - map->first_ip + 1) * map->dsize)); | |
| 447 | - if (with_timeout(map->timeout)) | |
| 448 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout)); | |
| 444 | + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, htonl(map->first_ip)) || | |
| 445 | + nla_put_ipaddr4(skb, IPSET_ATTR_IP_TO, htonl(map->last_ip)) || | |
| 446 | + nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) || | |
| 447 | + nla_put_net32(skb, IPSET_ATTR_MEMSIZE, | |
| 448 | + htonl(sizeof(*map) + | |
| 449 | + ((map->last_ip - map->first_ip + 1) * | |
| 450 | + map->dsize))) || | |
| 451 | + (with_timeout(map->timeout) && | |
| 452 | + nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout)))) | |
| 453 | + goto nla_put_failure; | |
| 449 | 454 | ipset_nest_end(skb, nested); |
| 450 | 455 | |
| 451 | 456 | return 0; |
net/netfilter/ipset/ip_set_bitmap_port.c
| ... | ... | @@ -96,8 +96,9 @@ |
| 96 | 96 | } else |
| 97 | 97 | goto nla_put_failure; |
| 98 | 98 | } |
| 99 | - NLA_PUT_NET16(skb, IPSET_ATTR_PORT, | |
| 100 | - htons(map->first_port + id)); | |
| 99 | + if (nla_put_net16(skb, IPSET_ATTR_PORT, | |
| 100 | + htons(map->first_port + id))) | |
| 101 | + goto nla_put_failure; | |
| 101 | 102 | ipset_nest_end(skb, nested); |
| 102 | 103 | } |
| 103 | 104 | ipset_nest_end(skb, atd); |
| ... | ... | @@ -183,10 +184,11 @@ |
| 183 | 184 | } else |
| 184 | 185 | goto nla_put_failure; |
| 185 | 186 | } |
| 186 | - NLA_PUT_NET16(skb, IPSET_ATTR_PORT, | |
| 187 | - htons(map->first_port + id)); | |
| 188 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, | |
| 189 | - htonl(ip_set_timeout_get(members[id]))); | |
| 187 | + if (nla_put_net16(skb, IPSET_ATTR_PORT, | |
| 188 | + htons(map->first_port + id)) || | |
| 189 | + nla_put_net32(skb, IPSET_ATTR_TIMEOUT, | |
| 190 | + htonl(ip_set_timeout_get(members[id])))) | |
| 191 | + goto nla_put_failure; | |
| 190 | 192 | ipset_nest_end(skb, nested); |
| 191 | 193 | } |
| 192 | 194 | ipset_nest_end(skb, adt); |
| ... | ... | @@ -320,13 +322,14 @@ |
| 320 | 322 | nested = ipset_nest_start(skb, IPSET_ATTR_DATA); |
| 321 | 323 | if (!nested) |
| 322 | 324 | goto nla_put_failure; |
| 323 | - NLA_PUT_NET16(skb, IPSET_ATTR_PORT, htons(map->first_port)); | |
| 324 | - NLA_PUT_NET16(skb, IPSET_ATTR_PORT_TO, htons(map->last_port)); | |
| 325 | - NLA_PUT_NET32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)); | |
| 326 | - NLA_PUT_NET32(skb, IPSET_ATTR_MEMSIZE, | |
| 327 | - htonl(sizeof(*map) + map->memsize)); | |
| 328 | - if (with_timeout(map->timeout)) | |
| 329 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout)); | |
| 325 | + if (nla_put_net16(skb, IPSET_ATTR_PORT, htons(map->first_port)) || | |
| 326 | + nla_put_net16(skb, IPSET_ATTR_PORT_TO, htons(map->last_port)) || | |
| 327 | + nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) || | |
| 328 | + nla_put_net32(skb, IPSET_ATTR_MEMSIZE, | |
| 329 | + htonl(sizeof(*map) + map->memsize)) || | |
| 330 | + (with_timeout(map->timeout) && | |
| 331 | + nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout)))) | |
| 332 | + goto nla_put_failure; | |
| 330 | 333 | ipset_nest_end(skb, nested); |
| 331 | 334 | |
| 332 | 335 | return 0; |
net/netfilter/ipset/ip_set_core.c
| ... | ... | @@ -1092,19 +1092,21 @@ |
| 1092 | 1092 | ret = -EMSGSIZE; |
| 1093 | 1093 | goto release_refcount; |
| 1094 | 1094 | } |
| 1095 | - NLA_PUT_U8(skb, IPSET_ATTR_PROTOCOL, IPSET_PROTOCOL); | |
| 1096 | - NLA_PUT_STRING(skb, IPSET_ATTR_SETNAME, set->name); | |
| 1095 | + if (nla_put_u8(skb, IPSET_ATTR_PROTOCOL, IPSET_PROTOCOL) || | |
| 1096 | + nla_put_string(skb, IPSET_ATTR_SETNAME, set->name)) | |
| 1097 | + goto nla_put_failure; | |
| 1097 | 1098 | if (dump_flags & IPSET_FLAG_LIST_SETNAME) |
| 1098 | 1099 | goto next_set; |
| 1099 | 1100 | switch (cb->args[2]) { |
| 1100 | 1101 | case 0: |
| 1101 | 1102 | /* Core header data */ |
| 1102 | - NLA_PUT_STRING(skb, IPSET_ATTR_TYPENAME, | |
| 1103 | - set->type->name); | |
| 1104 | - NLA_PUT_U8(skb, IPSET_ATTR_FAMILY, | |
| 1105 | - set->family); | |
| 1106 | - NLA_PUT_U8(skb, IPSET_ATTR_REVISION, | |
| 1107 | - set->revision); | |
| 1103 | + if (nla_put_string(skb, IPSET_ATTR_TYPENAME, | |
| 1104 | + set->type->name) || | |
| 1105 | + nla_put_u8(skb, IPSET_ATTR_FAMILY, | |
| 1106 | + set->family) || | |
| 1107 | + nla_put_u8(skb, IPSET_ATTR_REVISION, | |
| 1108 | + set->revision)) | |
| 1109 | + goto nla_put_failure; | |
| 1108 | 1110 | ret = set->variant->head(set, skb); |
| 1109 | 1111 | if (ret < 0) |
| 1110 | 1112 | goto release_refcount; |
| ... | ... | @@ -1410,11 +1412,12 @@ |
| 1410 | 1412 | IPSET_CMD_HEADER); |
| 1411 | 1413 | if (!nlh2) |
| 1412 | 1414 | goto nlmsg_failure; |
| 1413 | - NLA_PUT_U8(skb2, IPSET_ATTR_PROTOCOL, IPSET_PROTOCOL); | |
| 1414 | - NLA_PUT_STRING(skb2, IPSET_ATTR_SETNAME, set->name); | |
| 1415 | - NLA_PUT_STRING(skb2, IPSET_ATTR_TYPENAME, set->type->name); | |
| 1416 | - NLA_PUT_U8(skb2, IPSET_ATTR_FAMILY, set->family); | |
| 1417 | - NLA_PUT_U8(skb2, IPSET_ATTR_REVISION, set->revision); | |
| 1415 | + if (nla_put_u8(skb2, IPSET_ATTR_PROTOCOL, IPSET_PROTOCOL) || | |
| 1416 | + nla_put_string(skb2, IPSET_ATTR_SETNAME, set->name) || | |
| 1417 | + nla_put_string(skb2, IPSET_ATTR_TYPENAME, set->type->name) || | |
| 1418 | + nla_put_u8(skb2, IPSET_ATTR_FAMILY, set->family) || | |
| 1419 | + nla_put_u8(skb2, IPSET_ATTR_REVISION, set->revision)) | |
| 1420 | + goto nla_put_failure; | |
| 1418 | 1421 | nlmsg_end(skb2, nlh2); |
| 1419 | 1422 | |
| 1420 | 1423 | ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT); |
| ... | ... | @@ -1469,11 +1472,12 @@ |
| 1469 | 1472 | IPSET_CMD_TYPE); |
| 1470 | 1473 | if (!nlh2) |
| 1471 | 1474 | goto nlmsg_failure; |
| 1472 | - NLA_PUT_U8(skb2, IPSET_ATTR_PROTOCOL, IPSET_PROTOCOL); | |
| 1473 | - NLA_PUT_STRING(skb2, IPSET_ATTR_TYPENAME, typename); | |
| 1474 | - NLA_PUT_U8(skb2, IPSET_ATTR_FAMILY, family); | |
| 1475 | - NLA_PUT_U8(skb2, IPSET_ATTR_REVISION, max); | |
| 1476 | - NLA_PUT_U8(skb2, IPSET_ATTR_REVISION_MIN, min); | |
| 1475 | + if (nla_put_u8(skb2, IPSET_ATTR_PROTOCOL, IPSET_PROTOCOL) || | |
| 1476 | + nla_put_string(skb2, IPSET_ATTR_TYPENAME, typename) || | |
| 1477 | + nla_put_u8(skb2, IPSET_ATTR_FAMILY, family) || | |
| 1478 | + nla_put_u8(skb2, IPSET_ATTR_REVISION, max) || | |
| 1479 | + nla_put_u8(skb2, IPSET_ATTR_REVISION_MIN, min)) | |
| 1480 | + goto nla_put_failure; | |
| 1477 | 1481 | nlmsg_end(skb2, nlh2); |
| 1478 | 1482 | |
| 1479 | 1483 | pr_debug("Send TYPE, nlmsg_len: %u\n", nlh2->nlmsg_len); |
| ... | ... | @@ -1517,7 +1521,8 @@ |
| 1517 | 1521 | IPSET_CMD_PROTOCOL); |
| 1518 | 1522 | if (!nlh2) |
| 1519 | 1523 | goto nlmsg_failure; |
| 1520 | - NLA_PUT_U8(skb2, IPSET_ATTR_PROTOCOL, IPSET_PROTOCOL); | |
| 1524 | + if (nla_put_u8(skb2, IPSET_ATTR_PROTOCOL, IPSET_PROTOCOL)) | |
| 1525 | + goto nla_put_failure; | |
| 1521 | 1526 | nlmsg_end(skb2, nlh2); |
| 1522 | 1527 | |
| 1523 | 1528 | ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT); |
net/netfilter/ipset/ip_set_hash_ip.c
| ... | ... | @@ -81,7 +81,8 @@ |
| 81 | 81 | static inline bool |
| 82 | 82 | hash_ip4_data_list(struct sk_buff *skb, const struct hash_ip4_elem *data) |
| 83 | 83 | { |
| 84 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, data->ip); | |
| 84 | + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip)) | |
| 85 | + goto nla_put_failure; | |
| 85 | 86 | return 0; |
| 86 | 87 | |
| 87 | 88 | nla_put_failure: |
| ... | ... | @@ -94,9 +95,10 @@ |
| 94 | 95 | const struct hash_ip4_telem *tdata = |
| 95 | 96 | (const struct hash_ip4_telem *)data; |
| 96 | 97 | |
| 97 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, tdata->ip); | |
| 98 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, | |
| 99 | - htonl(ip_set_timeout_get(tdata->timeout))); | |
| 98 | + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, tdata->ip) || | |
| 99 | + nla_put_net32(skb, IPSET_ATTR_TIMEOUT, | |
| 100 | + htonl(ip_set_timeout_get(tdata->timeout)))) | |
| 101 | + goto nla_put_failure; | |
| 100 | 102 | |
| 101 | 103 | return 0; |
| 102 | 104 | |
| ... | ... | @@ -262,7 +264,8 @@ |
| 262 | 264 | static bool |
| 263 | 265 | hash_ip6_data_list(struct sk_buff *skb, const struct hash_ip6_elem *data) |
| 264 | 266 | { |
| 265 | - NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &data->ip); | |
| 267 | + if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6)) | |
| 268 | + goto nla_put_failure; | |
| 266 | 269 | return 0; |
| 267 | 270 | |
| 268 | 271 | nla_put_failure: |
| ... | ... | @@ -275,9 +278,10 @@ |
| 275 | 278 | const struct hash_ip6_telem *e = |
| 276 | 279 | (const struct hash_ip6_telem *)data; |
| 277 | 280 | |
| 278 | - NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &e->ip); | |
| 279 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, | |
| 280 | - htonl(ip_set_timeout_get(e->timeout))); | |
| 281 | + if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &e->ip.in6) || | |
| 282 | + nla_put_net32(skb, IPSET_ATTR_TIMEOUT, | |
| 283 | + htonl(ip_set_timeout_get(e->timeout)))) | |
| 284 | + goto nla_put_failure; | |
| 281 | 285 | return 0; |
| 282 | 286 | |
| 283 | 287 | nla_put_failure: |
net/netfilter/ipset/ip_set_hash_ipport.c
| ... | ... | @@ -93,9 +93,10 @@ |
| 93 | 93 | hash_ipport4_data_list(struct sk_buff *skb, |
| 94 | 94 | const struct hash_ipport4_elem *data) |
| 95 | 95 | { |
| 96 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, data->ip); | |
| 97 | - NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); | |
| 98 | - NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); | |
| 96 | + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) || | |
| 97 | + nla_put_net16(skb, IPSET_ATTR_PORT, data->port) || | |
| 98 | + nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto)) | |
| 99 | + goto nla_put_failure; | |
| 99 | 100 | return 0; |
| 100 | 101 | |
| 101 | 102 | nla_put_failure: |
| ... | ... | @@ -109,12 +110,12 @@ |
| 109 | 110 | const struct hash_ipport4_telem *tdata = |
| 110 | 111 | (const struct hash_ipport4_telem *)data; |
| 111 | 112 | |
| 112 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, tdata->ip); | |
| 113 | - NLA_PUT_NET16(skb, IPSET_ATTR_PORT, tdata->port); | |
| 114 | - NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); | |
| 115 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, | |
| 116 | - htonl(ip_set_timeout_get(tdata->timeout))); | |
| 117 | - | |
| 113 | + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, tdata->ip) || | |
| 114 | + nla_put_net16(skb, IPSET_ATTR_PORT, tdata->port) || | |
| 115 | + nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) || | |
| 116 | + nla_put_net32(skb, IPSET_ATTR_TIMEOUT, | |
| 117 | + htonl(ip_set_timeout_get(tdata->timeout)))) | |
| 118 | + goto nla_put_failure; | |
| 118 | 119 | return 0; |
| 119 | 120 | |
| 120 | 121 | nla_put_failure: |
| ... | ... | @@ -308,9 +309,10 @@ |
| 308 | 309 | hash_ipport6_data_list(struct sk_buff *skb, |
| 309 | 310 | const struct hash_ipport6_elem *data) |
| 310 | 311 | { |
| 311 | - NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &data->ip); | |
| 312 | - NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); | |
| 313 | - NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); | |
| 312 | + if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) || | |
| 313 | + nla_put_net16(skb, IPSET_ATTR_PORT, data->port) || | |
| 314 | + nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto)) | |
| 315 | + goto nla_put_failure; | |
| 314 | 316 | return 0; |
| 315 | 317 | |
| 316 | 318 | nla_put_failure: |
| ... | ... | @@ -324,11 +326,12 @@ |
| 324 | 326 | const struct hash_ipport6_telem *e = |
| 325 | 327 | (const struct hash_ipport6_telem *)data; |
| 326 | 328 | |
| 327 | - NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &e->ip); | |
| 328 | - NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); | |
| 329 | - NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); | |
| 330 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, | |
| 331 | - htonl(ip_set_timeout_get(e->timeout))); | |
| 329 | + if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &e->ip.in6) || | |
| 330 | + nla_put_net16(skb, IPSET_ATTR_PORT, data->port) || | |
| 331 | + nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) || | |
| 332 | + nla_put_net32(skb, IPSET_ATTR_TIMEOUT, | |
| 333 | + htonl(ip_set_timeout_get(e->timeout)))) | |
| 334 | + goto nla_put_failure; | |
| 332 | 335 | return 0; |
| 333 | 336 | |
| 334 | 337 | nla_put_failure: |
net/netfilter/ipset/ip_set_hash_ipportip.c
| ... | ... | @@ -94,10 +94,11 @@ |
| 94 | 94 | hash_ipportip4_data_list(struct sk_buff *skb, |
| 95 | 95 | const struct hash_ipportip4_elem *data) |
| 96 | 96 | { |
| 97 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, data->ip); | |
| 98 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP2, data->ip2); | |
| 99 | - NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); | |
| 100 | - NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); | |
| 97 | + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) || | |
| 98 | + nla_put_ipaddr4(skb, IPSET_ATTR_IP2, data->ip2) || | |
| 99 | + nla_put_net16(skb, IPSET_ATTR_PORT, data->port) || | |
| 100 | + nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto)) | |
| 101 | + goto nla_put_failure; | |
| 101 | 102 | return 0; |
| 102 | 103 | |
| 103 | 104 | nla_put_failure: |
| ... | ... | @@ -111,13 +112,13 @@ |
| 111 | 112 | const struct hash_ipportip4_telem *tdata = |
| 112 | 113 | (const struct hash_ipportip4_telem *)data; |
| 113 | 114 | |
| 114 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, tdata->ip); | |
| 115 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP2, tdata->ip2); | |
| 116 | - NLA_PUT_NET16(skb, IPSET_ATTR_PORT, tdata->port); | |
| 117 | - NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); | |
| 118 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, | |
| 119 | - htonl(ip_set_timeout_get(tdata->timeout))); | |
| 120 | - | |
| 115 | + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, tdata->ip) || | |
| 116 | + nla_put_ipaddr4(skb, IPSET_ATTR_IP2, tdata->ip2) || | |
| 117 | + nla_put_net16(skb, IPSET_ATTR_PORT, tdata->port) || | |
| 118 | + nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) || | |
| 119 | + nla_put_net32(skb, IPSET_ATTR_TIMEOUT, | |
| 120 | + htonl(ip_set_timeout_get(tdata->timeout)))) | |
| 121 | + goto nla_put_failure; | |
| 121 | 122 | return 0; |
| 122 | 123 | |
| 123 | 124 | nla_put_failure: |
| ... | ... | @@ -319,10 +320,11 @@ |
| 319 | 320 | hash_ipportip6_data_list(struct sk_buff *skb, |
| 320 | 321 | const struct hash_ipportip6_elem *data) |
| 321 | 322 | { |
| 322 | - NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &data->ip); | |
| 323 | - NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP2, &data->ip2); | |
| 324 | - NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); | |
| 325 | - NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); | |
| 323 | + if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) || | |
| 324 | + nla_put_ipaddr6(skb, IPSET_ATTR_IP2, &data->ip2.in6) || | |
| 325 | + nla_put_net16(skb, IPSET_ATTR_PORT, data->port) || | |
| 326 | + nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto)) | |
| 327 | + goto nla_put_failure; | |
| 326 | 328 | return 0; |
| 327 | 329 | |
| 328 | 330 | nla_put_failure: |
| ... | ... | @@ -336,12 +338,13 @@ |
| 336 | 338 | const struct hash_ipportip6_telem *e = |
| 337 | 339 | (const struct hash_ipportip6_telem *)data; |
| 338 | 340 | |
| 339 | - NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &e->ip); | |
| 340 | - NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP2, &data->ip2); | |
| 341 | - NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); | |
| 342 | - NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); | |
| 343 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, | |
| 344 | - htonl(ip_set_timeout_get(e->timeout))); | |
| 341 | + if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &e->ip.in6) || | |
| 342 | + nla_put_ipaddr6(skb, IPSET_ATTR_IP2, &data->ip2.in6) || | |
| 343 | + nla_put_net16(skb, IPSET_ATTR_PORT, data->port) || | |
| 344 | + nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) || | |
| 345 | + nla_put_net32(skb, IPSET_ATTR_TIMEOUT, | |
| 346 | + htonl(ip_set_timeout_get(e->timeout)))) | |
| 347 | + goto nla_put_failure; | |
| 345 | 348 | return 0; |
| 346 | 349 | |
| 347 | 350 | nla_put_failure: |
net/netfilter/ipset/ip_set_hash_ipportnet.c
| ... | ... | @@ -124,13 +124,14 @@ |
| 124 | 124 | { |
| 125 | 125 | u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; |
| 126 | 126 | |
| 127 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, data->ip); | |
| 128 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP2, data->ip2); | |
| 129 | - NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); | |
| 130 | - NLA_PUT_U8(skb, IPSET_ATTR_CIDR2, data->cidr + 1); | |
| 131 | - NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); | |
| 132 | - if (flags) | |
| 133 | - NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); | |
| 127 | + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) || | |
| 128 | + nla_put_ipaddr4(skb, IPSET_ATTR_IP2, data->ip2) || | |
| 129 | + nla_put_net16(skb, IPSET_ATTR_PORT, data->port) || | |
| 130 | + nla_put_u8(skb, IPSET_ATTR_CIDR2, data->cidr + 1) || | |
| 131 | + nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) || | |
| 132 | + (flags && | |
| 133 | + nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) | |
| 134 | + goto nla_put_failure; | |
| 134 | 135 | return 0; |
| 135 | 136 | |
| 136 | 137 | nla_put_failure: |
| ... | ... | @@ -145,16 +146,16 @@ |
| 145 | 146 | (const struct hash_ipportnet4_telem *)data; |
| 146 | 147 | u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; |
| 147 | 148 | |
| 148 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, tdata->ip); | |
| 149 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP2, tdata->ip2); | |
| 150 | - NLA_PUT_NET16(skb, IPSET_ATTR_PORT, tdata->port); | |
| 151 | - NLA_PUT_U8(skb, IPSET_ATTR_CIDR2, data->cidr + 1); | |
| 152 | - NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); | |
| 153 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, | |
| 154 | - htonl(ip_set_timeout_get(tdata->timeout))); | |
| 155 | - if (flags) | |
| 156 | - NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); | |
| 157 | - | |
| 149 | + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, tdata->ip) || | |
| 150 | + nla_put_ipaddr4(skb, IPSET_ATTR_IP2, tdata->ip2) || | |
| 151 | + nla_put_net16(skb, IPSET_ATTR_PORT, tdata->port) || | |
| 152 | + nla_put_u8(skb, IPSET_ATTR_CIDR2, data->cidr + 1) || | |
| 153 | + nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) || | |
| 154 | + nla_put_net32(skb, IPSET_ATTR_TIMEOUT, | |
| 155 | + htonl(ip_set_timeout_get(tdata->timeout))) || | |
| 156 | + (flags && | |
| 157 | + nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) | |
| 158 | + goto nla_put_failure; | |
| 158 | 159 | return 0; |
| 159 | 160 | |
| 160 | 161 | nla_put_failure: |
| ... | ... | @@ -436,13 +437,14 @@ |
| 436 | 437 | { |
| 437 | 438 | u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; |
| 438 | 439 | |
| 439 | - NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &data->ip); | |
| 440 | - NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP2, &data->ip2); | |
| 441 | - NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); | |
| 442 | - NLA_PUT_U8(skb, IPSET_ATTR_CIDR2, data->cidr + 1); | |
| 443 | - NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); | |
| 444 | - if (flags) | |
| 445 | - NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); | |
| 440 | + if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) || | |
| 441 | + nla_put_ipaddr6(skb, IPSET_ATTR_IP2, &data->ip2.in6) || | |
| 442 | + nla_put_net16(skb, IPSET_ATTR_PORT, data->port) || | |
| 443 | + nla_put_u8(skb, IPSET_ATTR_CIDR2, data->cidr + 1) || | |
| 444 | + nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) || | |
| 445 | + (flags && | |
| 446 | + nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) | |
| 447 | + goto nla_put_failure; | |
| 446 | 448 | return 0; |
| 447 | 449 | |
| 448 | 450 | nla_put_failure: |
| ... | ... | @@ -457,15 +459,16 @@ |
| 457 | 459 | (const struct hash_ipportnet6_telem *)data; |
| 458 | 460 | u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; |
| 459 | 461 | |
| 460 | - NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &e->ip); | |
| 461 | - NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP2, &data->ip2); | |
| 462 | - NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); | |
| 463 | - NLA_PUT_U8(skb, IPSET_ATTR_CIDR2, data->cidr + 1); | |
| 464 | - NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); | |
| 465 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, | |
| 466 | - htonl(ip_set_timeout_get(e->timeout))); | |
| 467 | - if (flags) | |
| 468 | - NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); | |
| 462 | + if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &e->ip.in6) || | |
| 463 | + nla_put_ipaddr6(skb, IPSET_ATTR_IP2, &data->ip2.in6) || | |
| 464 | + nla_put_net16(skb, IPSET_ATTR_PORT, data->port) || | |
| 465 | + nla_put_u8(skb, IPSET_ATTR_CIDR2, data->cidr + 1) || | |
| 466 | + nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) || | |
| 467 | + nla_put_net32(skb, IPSET_ATTR_TIMEOUT, | |
| 468 | + htonl(ip_set_timeout_get(e->timeout))) || | |
| 469 | + (flags && | |
| 470 | + nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) | |
| 471 | + goto nla_put_failure; | |
| 469 | 472 | return 0; |
| 470 | 473 | |
| 471 | 474 | nla_put_failure: |
net/netfilter/ipset/ip_set_hash_net.c
| ... | ... | @@ -111,10 +111,11 @@ |
| 111 | 111 | { |
| 112 | 112 | u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; |
| 113 | 113 | |
| 114 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, data->ip); | |
| 115 | - NLA_PUT_U8(skb, IPSET_ATTR_CIDR, data->cidr); | |
| 116 | - if (flags) | |
| 117 | - NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); | |
| 114 | + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) || | |
| 115 | + nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr) || | |
| 116 | + (flags && | |
| 117 | + nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) | |
| 118 | + goto nla_put_failure; | |
| 118 | 119 | return 0; |
| 119 | 120 | |
| 120 | 121 | nla_put_failure: |
| ... | ... | @@ -128,13 +129,13 @@ |
| 128 | 129 | (const struct hash_net4_telem *)data; |
| 129 | 130 | u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; |
| 130 | 131 | |
| 131 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, tdata->ip); | |
| 132 | - NLA_PUT_U8(skb, IPSET_ATTR_CIDR, tdata->cidr); | |
| 133 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, | |
| 134 | - htonl(ip_set_timeout_get(tdata->timeout))); | |
| 135 | - if (flags) | |
| 136 | - NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); | |
| 137 | - | |
| 132 | + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, tdata->ip) || | |
| 133 | + nla_put_u8(skb, IPSET_ATTR_CIDR, tdata->cidr) || | |
| 134 | + nla_put_net32(skb, IPSET_ATTR_TIMEOUT, | |
| 135 | + htonl(ip_set_timeout_get(tdata->timeout))) || | |
| 136 | + (flags && | |
| 137 | + nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) | |
| 138 | + goto nla_put_failure; | |
| 138 | 139 | return 0; |
| 139 | 140 | |
| 140 | 141 | nla_put_failure: |
| ... | ... | @@ -339,10 +340,11 @@ |
| 339 | 340 | { |
| 340 | 341 | u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; |
| 341 | 342 | |
| 342 | - NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &data->ip); | |
| 343 | - NLA_PUT_U8(skb, IPSET_ATTR_CIDR, data->cidr); | |
| 344 | - if (flags) | |
| 345 | - NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); | |
| 343 | + if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) || | |
| 344 | + nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr) || | |
| 345 | + (flags && | |
| 346 | + nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) | |
| 347 | + goto nla_put_failure; | |
| 346 | 348 | return 0; |
| 347 | 349 | |
| 348 | 350 | nla_put_failure: |
| ... | ... | @@ -356,12 +358,13 @@ |
| 356 | 358 | (const struct hash_net6_telem *)data; |
| 357 | 359 | u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; |
| 358 | 360 | |
| 359 | - NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &e->ip); | |
| 360 | - NLA_PUT_U8(skb, IPSET_ATTR_CIDR, e->cidr); | |
| 361 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, | |
| 362 | - htonl(ip_set_timeout_get(e->timeout))); | |
| 363 | - if (flags) | |
| 364 | - NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); | |
| 361 | + if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &e->ip.in6) || | |
| 362 | + nla_put_u8(skb, IPSET_ATTR_CIDR, e->cidr) || | |
| 363 | + nla_put_net32(skb, IPSET_ATTR_TIMEOUT, | |
| 364 | + htonl(ip_set_timeout_get(e->timeout))) || | |
| 365 | + (flags && | |
| 366 | + nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) | |
| 367 | + goto nla_put_failure; | |
| 365 | 368 | return 0; |
| 366 | 369 | |
| 367 | 370 | nla_put_failure: |
net/netfilter/ipset/ip_set_hash_netiface.c
| ... | ... | @@ -252,11 +252,12 @@ |
| 252 | 252 | |
| 253 | 253 | if (data->nomatch) |
| 254 | 254 | flags |= IPSET_FLAG_NOMATCH; |
| 255 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, data->ip); | |
| 256 | - NLA_PUT_U8(skb, IPSET_ATTR_CIDR, data->cidr); | |
| 257 | - NLA_PUT_STRING(skb, IPSET_ATTR_IFACE, data->iface); | |
| 258 | - if (flags) | |
| 259 | - NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); | |
| 255 | + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) || | |
| 256 | + nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr) || | |
| 257 | + nla_put_string(skb, IPSET_ATTR_IFACE, data->iface) || | |
| 258 | + (flags && | |
| 259 | + nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) | |
| 260 | + goto nla_put_failure; | |
| 260 | 261 | return 0; |
| 261 | 262 | |
| 262 | 263 | nla_put_failure: |
| ... | ... | @@ -273,13 +274,14 @@ |
| 273 | 274 | |
| 274 | 275 | if (data->nomatch) |
| 275 | 276 | flags |= IPSET_FLAG_NOMATCH; |
| 276 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, data->ip); | |
| 277 | - NLA_PUT_U8(skb, IPSET_ATTR_CIDR, data->cidr); | |
| 278 | - NLA_PUT_STRING(skb, IPSET_ATTR_IFACE, data->iface); | |
| 279 | - if (flags) | |
| 280 | - NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); | |
| 281 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, | |
| 282 | - htonl(ip_set_timeout_get(tdata->timeout))); | |
| 277 | + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) || | |
| 278 | + nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr) || | |
| 279 | + nla_put_string(skb, IPSET_ATTR_IFACE, data->iface) || | |
| 280 | + (flags && | |
| 281 | + nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))) || | |
| 282 | + nla_put_net32(skb, IPSET_ATTR_TIMEOUT, | |
| 283 | + htonl(ip_set_timeout_get(tdata->timeout)))) | |
| 284 | + goto nla_put_failure; | |
| 283 | 285 | |
| 284 | 286 | return 0; |
| 285 | 287 | |
| ... | ... | @@ -555,11 +557,12 @@ |
| 555 | 557 | |
| 556 | 558 | if (data->nomatch) |
| 557 | 559 | flags |= IPSET_FLAG_NOMATCH; |
| 558 | - NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &data->ip); | |
| 559 | - NLA_PUT_U8(skb, IPSET_ATTR_CIDR, data->cidr); | |
| 560 | - NLA_PUT_STRING(skb, IPSET_ATTR_IFACE, data->iface); | |
| 561 | - if (flags) | |
| 562 | - NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); | |
| 560 | + if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) || | |
| 561 | + nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr) || | |
| 562 | + nla_put_string(skb, IPSET_ATTR_IFACE, data->iface) || | |
| 563 | + (flags && | |
| 564 | + nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) | |
| 565 | + goto nla_put_failure; | |
| 563 | 566 | return 0; |
| 564 | 567 | |
| 565 | 568 | nla_put_failure: |
| ... | ... | @@ -576,13 +579,14 @@ |
| 576 | 579 | |
| 577 | 580 | if (data->nomatch) |
| 578 | 581 | flags |= IPSET_FLAG_NOMATCH; |
| 579 | - NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &e->ip); | |
| 580 | - NLA_PUT_U8(skb, IPSET_ATTR_CIDR, data->cidr); | |
| 581 | - NLA_PUT_STRING(skb, IPSET_ATTR_IFACE, data->iface); | |
| 582 | - if (flags) | |
| 583 | - NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); | |
| 584 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, | |
| 585 | - htonl(ip_set_timeout_get(e->timeout))); | |
| 582 | + if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &e->ip.in6) || | |
| 583 | + nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr) || | |
| 584 | + nla_put_string(skb, IPSET_ATTR_IFACE, data->iface) || | |
| 585 | + (flags && | |
| 586 | + nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags))) || | |
| 587 | + nla_put_net32(skb, IPSET_ATTR_TIMEOUT, | |
| 588 | + htonl(ip_set_timeout_get(e->timeout)))) | |
| 589 | + goto nla_put_failure; | |
| 586 | 590 | return 0; |
| 587 | 591 | |
| 588 | 592 | nla_put_failure: |
net/netfilter/ipset/ip_set_hash_netport.c
| ... | ... | @@ -124,12 +124,13 @@ |
| 124 | 124 | { |
| 125 | 125 | u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; |
| 126 | 126 | |
| 127 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, data->ip); | |
| 128 | - NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); | |
| 129 | - NLA_PUT_U8(skb, IPSET_ATTR_CIDR, data->cidr + 1); | |
| 130 | - NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); | |
| 131 | - if (flags) | |
| 132 | - NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); | |
| 127 | + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, data->ip) || | |
| 128 | + nla_put_net16(skb, IPSET_ATTR_PORT, data->port) || | |
| 129 | + nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr + 1) || | |
| 130 | + nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) || | |
| 131 | + (flags && | |
| 132 | + nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) | |
| 133 | + goto nla_put_failure; | |
| 133 | 134 | return 0; |
| 134 | 135 | |
| 135 | 136 | nla_put_failure: |
| ... | ... | @@ -144,15 +145,15 @@ |
| 144 | 145 | (const struct hash_netport4_telem *)data; |
| 145 | 146 | u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; |
| 146 | 147 | |
| 147 | - NLA_PUT_IPADDR4(skb, IPSET_ATTR_IP, tdata->ip); | |
| 148 | - NLA_PUT_NET16(skb, IPSET_ATTR_PORT, tdata->port); | |
| 149 | - NLA_PUT_U8(skb, IPSET_ATTR_CIDR, data->cidr + 1); | |
| 150 | - NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); | |
| 151 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, | |
| 152 | - htonl(ip_set_timeout_get(tdata->timeout))); | |
| 153 | - if (flags) | |
| 154 | - NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); | |
| 155 | - | |
| 148 | + if (nla_put_ipaddr4(skb, IPSET_ATTR_IP, tdata->ip) || | |
| 149 | + nla_put_net16(skb, IPSET_ATTR_PORT, tdata->port) || | |
| 150 | + nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr + 1) || | |
| 151 | + nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) || | |
| 152 | + nla_put_net32(skb, IPSET_ATTR_TIMEOUT, | |
| 153 | + htonl(ip_set_timeout_get(tdata->timeout))) || | |
| 154 | + (flags && | |
| 155 | + nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) | |
| 156 | + goto nla_put_failure; | |
| 156 | 157 | return 0; |
| 157 | 158 | |
| 158 | 159 | nla_put_failure: |
| ... | ... | @@ -402,12 +403,13 @@ |
| 402 | 403 | { |
| 403 | 404 | u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; |
| 404 | 405 | |
| 405 | - NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &data->ip); | |
| 406 | - NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); | |
| 407 | - NLA_PUT_U8(skb, IPSET_ATTR_CIDR, data->cidr + 1); | |
| 408 | - NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); | |
| 409 | - if (flags) | |
| 410 | - NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); | |
| 406 | + if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &data->ip.in6) || | |
| 407 | + nla_put_net16(skb, IPSET_ATTR_PORT, data->port) || | |
| 408 | + nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr + 1) || | |
| 409 | + nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) || | |
| 410 | + (flags && | |
| 411 | + nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) | |
| 412 | + goto nla_put_failure; | |
| 411 | 413 | return 0; |
| 412 | 414 | |
| 413 | 415 | nla_put_failure: |
| ... | ... | @@ -422,14 +424,15 @@ |
| 422 | 424 | (const struct hash_netport6_telem *)data; |
| 423 | 425 | u32 flags = data->nomatch ? IPSET_FLAG_NOMATCH : 0; |
| 424 | 426 | |
| 425 | - NLA_PUT_IPADDR6(skb, IPSET_ATTR_IP, &e->ip); | |
| 426 | - NLA_PUT_NET16(skb, IPSET_ATTR_PORT, data->port); | |
| 427 | - NLA_PUT_U8(skb, IPSET_ATTR_CIDR, data->cidr + 1); | |
| 428 | - NLA_PUT_U8(skb, IPSET_ATTR_PROTO, data->proto); | |
| 429 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, | |
| 430 | - htonl(ip_set_timeout_get(e->timeout))); | |
| 431 | - if (flags) | |
| 432 | - NLA_PUT_NET32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)); | |
| 427 | + if (nla_put_ipaddr6(skb, IPSET_ATTR_IP, &e->ip.in6) || | |
| 428 | + nla_put_net16(skb, IPSET_ATTR_PORT, data->port) || | |
| 429 | + nla_put_u8(skb, IPSET_ATTR_CIDR, data->cidr + 1) || | |
| 430 | + nla_put_u8(skb, IPSET_ATTR_PROTO, data->proto) || | |
| 431 | + nla_put_net32(skb, IPSET_ATTR_TIMEOUT, | |
| 432 | + htonl(ip_set_timeout_get(e->timeout))) || | |
| 433 | + (flags && | |
| 434 | + nla_put_net32(skb, IPSET_ATTR_CADT_FLAGS, htonl(flags)))) | |
| 435 | + goto nla_put_failure; | |
| 433 | 436 | return 0; |
| 434 | 437 | |
| 435 | 438 | nla_put_failure: |
net/netfilter/ipset/ip_set_list_set.c
| ... | ... | @@ -402,12 +402,13 @@ |
| 402 | 402 | nested = ipset_nest_start(skb, IPSET_ATTR_DATA); |
| 403 | 403 | if (!nested) |
| 404 | 404 | goto nla_put_failure; |
| 405 | - NLA_PUT_NET32(skb, IPSET_ATTR_SIZE, htonl(map->size)); | |
| 406 | - if (with_timeout(map->timeout)) | |
| 407 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout)); | |
| 408 | - NLA_PUT_NET32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)); | |
| 409 | - NLA_PUT_NET32(skb, IPSET_ATTR_MEMSIZE, | |
| 410 | - htonl(sizeof(*map) + map->size * map->dsize)); | |
| 405 | + if (nla_put_net32(skb, IPSET_ATTR_SIZE, htonl(map->size)) || | |
| 406 | + (with_timeout(map->timeout) && | |
| 407 | + nla_put_net32(skb, IPSET_ATTR_TIMEOUT, htonl(map->timeout))) || | |
| 408 | + nla_put_net32(skb, IPSET_ATTR_REFERENCES, htonl(set->ref - 1)) || | |
| 409 | + nla_put_net32(skb, IPSET_ATTR_MEMSIZE, | |
| 410 | + htonl(sizeof(*map) + map->size * map->dsize))) | |
| 411 | + goto nla_put_failure; | |
| 411 | 412 | ipset_nest_end(skb, nested); |
| 412 | 413 | |
| 413 | 414 | return 0; |
| 414 | 415 | |
| ... | ... | @@ -442,13 +443,15 @@ |
| 442 | 443 | } else |
| 443 | 444 | goto nla_put_failure; |
| 444 | 445 | } |
| 445 | - NLA_PUT_STRING(skb, IPSET_ATTR_NAME, | |
| 446 | - ip_set_name_byindex(e->id)); | |
| 446 | + if (nla_put_string(skb, IPSET_ATTR_NAME, | |
| 447 | + ip_set_name_byindex(e->id))) | |
| 448 | + goto nla_put_failure; | |
| 447 | 449 | if (with_timeout(map->timeout)) { |
| 448 | 450 | const struct set_telem *te = |
| 449 | 451 | (const struct set_telem *) e; |
| 450 | - NLA_PUT_NET32(skb, IPSET_ATTR_TIMEOUT, | |
| 451 | - htonl(ip_set_timeout_get(te->timeout))); | |
| 452 | + __be32 to = htonl(ip_set_timeout_get(te->timeout)); | |
| 453 | + if (nla_put_net32(skb, IPSET_ATTR_TIMEOUT, to)) | |
| 454 | + goto nla_put_failure; | |
| 452 | 455 | } |
| 453 | 456 | ipset_nest_end(skb, nested); |
| 454 | 457 | } |