tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
netfilter: ipv4: Stop using NLA_PUT*().
These macros contain a hidden goto, and are thus extremely error
prone and make code hard to audit.
Signed-off-by: David S. Miller <davem@davemloft.net>
+9
-8
+3
-2
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+3
-2
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
···
303
303
static int ipv4_tuple_to_nlattr(struct sk_buff *skb,
304
304
const struct nf_conntrack_tuple *tuple)
305
305
{
306
-
NLA_PUT_BE32(skb, CTA_IP_V4_SRC, tuple->src.u3.ip);
307
-
NLA_PUT_BE32(skb, CTA_IP_V4_DST, tuple->dst.u3.ip);
306
+
if (nla_put_be32(skb, CTA_IP_V4_SRC, tuple->src.u3.ip) ||
307
+
nla_put_be32(skb, CTA_IP_V4_DST, tuple->dst.u3.ip))
308
+
goto nla_put_failure;
308
309
return 0;
309
310
310
311
nla_put_failure:
+6
-6
net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+6
-6
net/ipv4/netfilter/nf_conntrack_proto_icmp.c
···
228
228
static int icmp_tuple_to_nlattr(struct sk_buff *skb,
229
229
const struct nf_conntrack_tuple *t)
230
230
{
231
-
NLA_PUT_BE16(skb, CTA_PROTO_ICMP_ID, t->src.u.icmp.id);
232
-
NLA_PUT_U8(skb, CTA_PROTO_ICMP_TYPE, t->dst.u.icmp.type);
233
-
NLA_PUT_U8(skb, CTA_PROTO_ICMP_CODE, t->dst.u.icmp.code);
234
-
231
+
if (nla_put_be16(skb, CTA_PROTO_ICMP_ID, t->src.u.icmp.id) ||
232
+
nla_put_u8(skb, CTA_PROTO_ICMP_TYPE, t->dst.u.icmp.type) ||
233
+
nla_put_u8(skb, CTA_PROTO_ICMP_CODE, t->dst.u.icmp.code))
234
+
goto nla_put_failure;
235
235
return 0;
236
236
237
237
nla_put_failure:
···
293
293
{
294
294
const unsigned int *timeout = data;
295
295
296
-
NLA_PUT_BE32(skb, CTA_TIMEOUT_ICMP_TIMEOUT, htonl(*timeout / HZ));
297
-
296
+
if (nla_put_be32(skb, CTA_TIMEOUT_ICMP_TIMEOUT, htonl(*timeout / HZ)))
297
+
goto nla_put_failure;
298
298
return 0;
299
299
300
300
nla_put_failure: