netfilter: Use kmemdup_array instead of kmemdup for multiple allocation

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

When we are allocating an array, using kmemdup_array() to take care about
multiplication and possible overflows.

Also it makes auditing the code easier.

Signed-off-by: Yan Zhen <yanzhen@vivo.com>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Yan Zhen and committed by

Pablo Neira Ayuso 2 years ago 20eb5e7c 4a1d3acd

+5 -5

5 changed files

expand all

net

bridge

netfilter

ebtables.c

ipv4

netfilter

arp_tables.c

ip_tables.c

ipv6

netfilter

ip6_tables.c

netfilter

nf_nat_core.c

+1 -1

net/bridge/netfilter/ebtables.c

··· 1256 1256 goto free_unlock; 1257 1257 } 1258 1258 1259 - ops = kmemdup(template_ops, sizeof(*ops) * num_ops, GFP_KERNEL); 1259 + ops = kmemdup_array(template_ops, num_ops, sizeof(*ops), GFP_KERNEL); 1260 1260 if (!ops) { 1261 1261 ret = -ENOMEM; 1262 1262 if (newinfo->nentries)

+1 -1

net/ipv4/netfilter/arp_tables.c

··· 1547 1547 goto out_free; 1548 1548 } 1549 1549 1550 - ops = kmemdup(template_ops, sizeof(*ops) * num_ops, GFP_KERNEL); 1550 + ops = kmemdup_array(template_ops, num_ops, sizeof(*ops), GFP_KERNEL); 1551 1551 if (!ops) { 1552 1552 ret = -ENOMEM; 1553 1553 goto out_free;

+1 -1

net/ipv4/netfilter/ip_tables.c

··· 1767 1767 goto out_free; 1768 1768 } 1769 1769 1770 - ops = kmemdup(template_ops, sizeof(*ops) * num_ops, GFP_KERNEL); 1770 + ops = kmemdup_array(template_ops, num_ops, sizeof(*ops), GFP_KERNEL); 1771 1771 if (!ops) { 1772 1772 ret = -ENOMEM; 1773 1773 goto out_free;

+1 -1

net/ipv6/netfilter/ip6_tables.c

··· 1773 1773 goto out_free; 1774 1774 } 1775 1775 1776 - ops = kmemdup(template_ops, sizeof(*ops) * num_ops, GFP_KERNEL); 1776 + ops = kmemdup_array(template_ops, num_ops, sizeof(*ops), GFP_KERNEL); 1777 1777 if (!ops) { 1778 1778 ret = -ENOMEM; 1779 1779 goto out_free;

+1 -1

net/netfilter/nf_nat_core.c

··· 1104 1104 if (!nat_proto_net->nat_hook_ops) { 1105 1105 WARN_ON(nat_proto_net->users != 0); 1106 1106 1107 - nat_ops = kmemdup(orig_nat_ops, sizeof(*orig_nat_ops) * ops_count, GFP_KERNEL); 1107 + nat_ops = kmemdup_array(orig_nat_ops, ops_count, sizeof(*orig_nat_ops), GFP_KERNEL); 1108 1108 if (!nat_ops) { 1109 1109 mutex_unlock(&nf_nat_proto_mutex); 1110 1110 return -ENOMEM;