aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHans Dedecker <dedeckeh@gmail.com>2017-10-24 16:46:53 +0200
committerHans Dedecker <dedeckeh@gmail.com>2017-10-24 22:15:37 +0200
commit02ccffff3e28b7dd09b8ecc83826e6af7d824c21 (patch)
tree8a8138b7605b94c09c4bcd74854ff1e8e03890f9
parent20d363aed395e07ff42fe648f898b17f2077cc82 (diff)
downloadupstream-02ccffff3e28b7dd09b8ecc83826e6af7d824c21.tar.gz
upstream-02ccffff3e28b7dd09b8ecc83826e6af7d824c21.tar.bz2
upstream-02ccffff3e28b7dd09b8ecc83826e6af7d824c21.zip
pending-3.18: 610-netfilter_match_bypass_default_check: fix 32bit compat layer
Patch 610-netfilter_match_bypass_default_check added an extra flag IPT_F_NO_DEF_MATCH which is copied to user space in function copy_entries_to_user. The 32bit compat layer function was missing the same logic to copy the flag IPT_F_NO_DEF_MATCH to user space for a 64bit kernel and 32 bit user space. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Thierry Dutre <thierry.dutre@dtsystems.be>
-rw-r--r--target/linux/generic/pending-3.18/610-netfilter_match_bypass_default_checks.patch25
1 files changed, 21 insertions, 4 deletions
diff --git a/target/linux/generic/pending-3.18/610-netfilter_match_bypass_default_checks.patch b/target/linux/generic/pending-3.18/610-netfilter_match_bypass_default_checks.patch
index 74be425049..e5c7a77b46 100644
--- a/target/linux/generic/pending-3.18/610-netfilter_match_bypass_default_checks.patch
+++ b/target/linux/generic/pending-3.18/610-netfilter_match_bypass_default_checks.patch
@@ -67,11 +67,10 @@
counters = alloc_counters(table);
if (IS_ERR(counters))
-@@ -972,6 +1001,14 @@ copy_entries_to_user(unsigned int total_
- ret = -EFAULT;
+@@ -973,6 +1002,14 @@ copy_entries_to_user(unsigned int total_
goto free_counters;
}
-+
+
+ flags = e->ip.flags & IPT_F_MASK;
+ if (copy_to_user(userptr + off
+ + offsetof(struct ipt_entry, ip.flags),
@@ -79,6 +78,24 @@
+ ret = -EFAULT;
+ goto free_counters;
+ }
-
++
for (i = sizeof(struct ipt_entry);
i < e->target_offset;
+ i += m->u.match_size) {
+@@ -1379,12 +1416,15 @@ compat_copy_entry_to_user(struct ipt_ent
+ compat_uint_t origsize;
+ const struct xt_entry_match *ematch;
+ int ret = 0;
++ u8 flags = e->ip.flags & IPT_F_MASK;
+
+ origsize = *size;
+ ce = (struct compat_ipt_entry __user *)*dstptr;
+ if (copy_to_user(ce, e, sizeof(struct ipt_entry)) != 0 ||
+ copy_to_user(&ce->counters, &counters[i],
+- sizeof(counters[i])) != 0)
++ sizeof(counters[i])) != 0 ||
++ copy_to_user(&ce->ip.flags, &flags,
++ sizeof(flags)) != 0)
+ return -EFAULT;
+
+ *dstptr += sizeof(struct compat_ipt_entry);