www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Florian Westphal <fw@strlen.de>
	Fri, 1 Apr 2016 12:17:24 +0000 (14:17 +0200)
committer	Chuck Anderson <chuck.anderson@oracle.com>
	Fri, 30 Sep 2016 06:05:18 +0000 (23:05 -0700)
commit	386660e748f6fbba69fa0ee4853bff5ee1ed621c
tree	6d845241aed84f0ce14290ed4e31d2081596a1b5	tree
parent	33242b9f498aa75e2236a50b424e6d09851fc2f6	commit \| diff

netfilter: x_tables: kill check_entry helper

Orabug: 24690280
CVE: CVE-2016-3134

[ Upstream commit aa412ba225dd3bc36d404c28cdc3d674850d80d0 ]

Once we add more sanity testing to xt_check_entry_offsets it
becomes relvant if we're expecting a 32bit 'config_compat' blob
or a normal one.

Since we already have a lot of similar-named functions (check_entry,
compat_check_entry, find_and_check_entry, etc.) and the current
incarnation is short just fold its contents into the callers.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
(cherry picked from commit 801cd32774d12dccfcfc0c22b0b26d84ed995c6f)
Signed-off-by: Brian Maly <brian.maly@oracle.com>

net/ipv4/netfilter/arp_tables.c		diff \| blob \| history
net/ipv4/netfilter/ip_tables.c		diff \| blob \| history
net/ipv6/netfilter/ip6_tables.c		diff \| blob \| history