netfilter: remove unused comefrom hookmask argument

Orabug: 24690280
CVE: CVE-2016-3134

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 2f06550b3b0e26f54045337e34ec2a1b666bb6c6)
Signed-off-by: Brian Maly <brian.maly@oracle.com>
Conflicts:
	net/ipv4/netfilter/ip_tables.c
	net/ipv6/netfilter/ip6_tables.c

diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 3bcf28bf1525221db9d10810720d360ef55f6610..1dcd8d18d1a6f49095b5339532f078f03d25df00 100644 (file)
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1409,7 +1409,6 @@ compat_copy_entry_to_user(struct ipt_entry *e, void __user **dstptr,
 static int
 compat_find_calc_match(struct xt_entry_match *m,
                       const struct ipt_ip *ip,
-                      unsigned int hookmask,
                       int *size)
 {
        struct xt_match *match;
@@ -1479,8 +1478,7 @@ check_compat_entry_size_and_hooks(struct compat_ipt_entry *e,
        entry_offset = (void *)e - (void *)base;
        j = 0;
        xt_ematch_foreach(ematch, e) {
-               ret = compat_find_calc_match(ematch, &e->ip, e->comefrom,
-                                            &off);
+               ret = compat_find_calc_match(ematch, &e->ip, &off);
                if (ret != 0)
                        goto release_matches;
                ++j;

diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 5254d76dfce81eb43c684d4cc06d988edc47f37a..b48c375abf38f03fa77a8d113ac99b609319c06c 100644 (file)
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -1423,7 +1423,6 @@ compat_copy_entry_to_user(struct ip6t_entry *e, void __user **dstptr,
 static int
 compat_find_calc_match(struct xt_entry_match *m,
                       const struct ip6t_ip6 *ipv6,
-                      unsigned int hookmask,
                       int *size)
 {
        struct xt_match *match;
@@ -1493,8 +1492,7 @@ check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e,
        entry_offset = (void *)e - (void *)base;
        j = 0;
        xt_ematch_foreach(ematch, e) {
-               ret = compat_find_calc_match(ematch, &e->ipv6, e->comefrom,
-                                            &off);
+               ret = compat_find_calc_match(ematch, &e->ipv6, &off);
                if (ret != 0)
                        goto release_matches;
                ++j;