---

yaml --- r: 6261 b: refs/heads/master c: 927ccbc h: refs/heads/master i: 6259: 6fc6ffc v: v3
git-mirror · Aug 29, 2005 · e90a40e · e90a40e
1 parent 4226cf1
commit e90a40e
Show file tree

Hide file tree

Showing 6 changed files with 32 additions and 12 deletions.
diff --git a/[refs] b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: bd9a26b7f2ee7567571bb5b7acc1a256c544a0dd
+refs/heads/master: 927ccbcc28dceee29dad876982768cca29738564
diff --git a/trunk/include/linux/netfilter/nfnetlink.h b/trunk/include/linux/netfilter/nfnetlink.h
@@ -85,17 +85,17 @@ struct nfgenmsg {
 
 struct nfnl_callback
 {
-	kernel_cap_t cap_required; /* capabilities required for this msg */
 	int (*call)(struct sock *nl, struct sk_buff *skb, 
 		struct nlmsghdr *nlh, struct nfattr *cda[], int *errp);
+	kernel_cap_t cap_required; /* capabilities required for this msg */
+	u_int16_t attr_count;	/* number of nfattr's */
 };
 
 struct nfnetlink_subsystem
 {
 	const char *name;
 	__u8 subsys_id;		/* nfnetlink subsystem ID */
 	__u8 cb_count;		/* number of callbacks */
-	u_int32_t attr_count;	/* number of nfattr's */
 	struct nfnl_callback *cb; /* callback for individual types */
 };
 

diff --git a/trunk/net/ipv4/netfilter/ip_conntrack_netlink.c b/trunk/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -1484,37 +1484,42 @@ static struct notifier_block ctnl_notifier_exp = {
 
 static struct nfnl_callback ctnl_cb[IPCTNL_MSG_MAX] = {
 	[IPCTNL_MSG_CT_NEW]		= { .call = ctnetlink_new_conntrack,
+					    .attr_count = CTA_MAX,
 					    .cap_required = CAP_NET_ADMIN },
 	[IPCTNL_MSG_CT_GET] 		= { .call = ctnetlink_get_conntrack,
+					    .attr_count = CTA_MAX,
 					    .cap_required = CAP_NET_ADMIN },
 	[IPCTNL_MSG_CT_DELETE]  	= { .call = ctnetlink_del_conntrack,
+					    .attr_count = CTA_MAX,
 					    .cap_required = CAP_NET_ADMIN },
 	[IPCTNL_MSG_CT_GET_CTRZERO] 	= { .call = ctnetlink_get_conntrack,
+					    .attr_count = CTA_MAX,
 					    .cap_required = CAP_NET_ADMIN },
 };
 
 static struct nfnl_callback ctnl_exp_cb[IPCTNL_MSG_MAX] = {
 	[IPCTNL_MSG_EXP_GET]		= { .call = ctnetlink_get_expect,
+					    .attr_count = CTA_EXPECT_MAX,
 					    .cap_required = CAP_NET_ADMIN },
 	[IPCTNL_MSG_EXP_NEW]		= { .call = ctnetlink_new_expect,
+					    .attr_count = CTA_EXPECT_MAX,
 					    .cap_required = CAP_NET_ADMIN },
 	[IPCTNL_MSG_EXP_DELETE]		= { .call = ctnetlink_del_expect,
+					    .attr_count = CTA_EXPECT_MAX,
 					    .cap_required = CAP_NET_ADMIN },
 };
 
 static struct nfnetlink_subsystem ctnl_subsys = {
 	.name				= "conntrack",
 	.subsys_id			= NFNL_SUBSYS_CTNETLINK,
 	.cb_count			= IPCTNL_MSG_MAX,
-	.attr_count			= CTA_MAX,
 	.cb				= ctnl_cb,
 };
 
 static struct nfnetlink_subsystem ctnl_exp_subsys = {
 	.name				= "conntrack_expect",
 	.subsys_id			= NFNL_SUBSYS_CTNETLINK_EXP,
 	.cb_count			= IPCTNL_MSG_EXP_MAX,
-	.attr_count			= CTA_MAX,
 	.cb				= ctnl_exp_cb,
 };
 

diff --git a/trunk/net/netfilter/nfnetlink.c b/trunk/net/netfilter/nfnetlink.c
@@ -155,8 +155,18 @@ nfnetlink_check_attributes(struct nfnetlink_subsystem *subsys,
 			   struct nlmsghdr *nlh, struct nfattr *cda[])
 {
 	int min_len;
+	u_int16_t attr_count;
+	u_int8_t cb_id = NFNL_MSG_TYPE(nlh->nlmsg_type);
 
-	memset(cda, 0, sizeof(struct nfattr *) * subsys->attr_count);
+	if (unlikely(cb_id >= subsys->cb_count)) {
+		DEBUGP("msgtype %u >= %u, returning\n",
+			cb_id, subsys->cb_count);
+		return -EINVAL;
+	}
+
+	attr_count = subsys->cb[cb_id].attr_count;
+
+	memset(cda, 0, sizeof(struct nfattr *) * attr_count);
 
 	/* check attribute lengths. */
 	min_len = NLMSG_ALIGN(sizeof(struct nfgenmsg));
@@ -170,7 +180,7 @@ nfnetlink_check_attributes(struct nfnetlink_subsystem *subsys,
 		while (NFA_OK(attr, attrlen)) {
 			unsigned flavor = attr->nfa_type;
 			if (flavor) {
-				if (flavor > subsys->attr_count)
+				if (flavor > attr_count)
 					return -EINVAL;
 				cda[flavor - 1] = attr;
 			}
@@ -256,9 +266,11 @@ static inline int nfnetlink_rcv_msg(struct sk_buff *skb,
 	}
 
 	{
-		struct nfattr *cda[ss->attr_count];
+		u_int16_t attr_count = 
+			ss->cb[NFNL_MSG_TYPE(nlh->nlmsg_type)].attr_count;
+		struct nfattr *cda[attr_count];
 
-		memset(cda, 0, ss->attr_count*sizeof(struct nfattr *));
+		memset(cda, 0, sizeof(struct nfattr *) * attr_count);
 
 		err = nfnetlink_check_attributes(ss, nlh, cda);
 		if (err < 0)

diff --git a/trunk/net/netfilter/nfnetlink_log.c b/trunk/net/netfilter/nfnetlink_log.c
@@ -805,16 +805,17 @@ nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
 
 static struct nfnl_callback nfulnl_cb[NFULNL_MSG_MAX] = {
 	[NFULNL_MSG_PACKET]	= { .call = nfulnl_recv_unsupp,
-				    .cap_required = CAP_NET_ADMIN },
+				    .attr_count = NFULA_MAX,
+				    .cap_required = CAP_NET_ADMIN, },
 	[NFULNL_MSG_CONFIG]	= { .call = nfulnl_recv_config,
+				    .attr_count = NFULA_CFG_MAX,
 				    .cap_required = CAP_NET_ADMIN },
 };
 
 static struct nfnetlink_subsystem nfulnl_subsys = {
 	.name		= "log",
 	.subsys_id	= NFNL_SUBSYS_ULOG,
 	.cb_count	= NFULNL_MSG_MAX,
-	.attr_count	= NFULA_MAX,
 	.cb		= nfulnl_cb,
 };
 

diff --git a/trunk/net/netfilter/nfnetlink_queue.c b/trunk/net/netfilter/nfnetlink_queue.c
@@ -877,18 +877,20 @@ nfqnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
 
 static struct nfnl_callback nfqnl_cb[NFQNL_MSG_MAX] = {
 	[NFQNL_MSG_PACKET]	= { .call = nfqnl_recv_unsupp,
+				    .attr_count = NFQA_MAX,
 				    .cap_required = CAP_NET_ADMIN },
 	[NFQNL_MSG_VERDICT]	= { .call = nfqnl_recv_verdict,
+				    .attr_count = NFQA_MAX,
 				    .cap_required = CAP_NET_ADMIN },
 	[NFQNL_MSG_CONFIG]	= { .call = nfqnl_recv_config,
+				    .attr_count = NFQA_CFG_MAX,
 				    .cap_required = CAP_NET_ADMIN },
 };
 
 static struct nfnetlink_subsystem nfqnl_subsys = {
 	.name		= "nf_queue",
 	.subsys_id	= NFNL_SUBSYS_QUEUE,
 	.cb_count	= NFQNL_MSG_MAX,
-	.attr_count	= NFQA_MAX,
 	.cb		= nfqnl_cb,
 };