pending-4.9: 610-netfilter_match_bypass_default_check: fix 32bit compat layer
Patch 610-netfilter_match_bypass_default_check added an extra flag IPT_F_NO_DEF_MATCH which is copied to user space in function copy_entries_to_user. The 32bit compat layer function was missing the same logic to copy the flag IPT_F_NO_DEF_MATCH to user space for a 64bit kernel and 32 bit user space. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Thierry Dutre <thierry.dutre@dtsystems.be>
This commit is contained in:
parent
856c53f175
commit
5e425ad424
1 changed files with 21 additions and 4 deletions
|
@ -76,11 +76,10 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|||
|
||||
counters = alloc_counters(table);
|
||||
if (IS_ERR(counters))
|
||||
@@ -850,6 +879,14 @@ copy_entries_to_user(unsigned int total_
|
||||
ret = -EFAULT;
|
||||
@@ -851,6 +880,14 @@ copy_entries_to_user(unsigned int total_
|
||||
goto free_counters;
|
||||
}
|
||||
+
|
||||
|
||||
+ flags = e->ip.flags & IPT_F_MASK;
|
||||
+ if (copy_to_user(userptr + off
|
||||
+ + offsetof(struct ipt_entry, ip.flags),
|
||||
|
@ -88,6 +87,24 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|||
+ ret = -EFAULT;
|
||||
+ goto free_counters;
|
||||
+ }
|
||||
|
||||
+
|
||||
for (i = sizeof(struct ipt_entry);
|
||||
i < e->target_offset;
|
||||
i += m->u.match_size) {
|
||||
@@ -1240,12 +1277,15 @@ compat_copy_entry_to_user(struct ipt_ent
|
||||
compat_uint_t origsize;
|
||||
const struct xt_entry_match *ematch;
|
||||
int ret = 0;
|
||||
+ u8 flags = e->ip.flags & IPT_F_MASK;
|
||||
|
||||
origsize = *size;
|
||||
ce = (struct compat_ipt_entry __user *)*dstptr;
|
||||
if (copy_to_user(ce, e, sizeof(struct ipt_entry)) != 0 ||
|
||||
copy_to_user(&ce->counters, &counters[i],
|
||||
- sizeof(counters[i])) != 0)
|
||||
+ sizeof(counters[i])) != 0 ||
|
||||
+ copy_to_user(&ce->ip.flags, &flags,
|
||||
+ sizeof(flags)) != 0)
|
||||
return -EFAULT;
|
||||
|
||||
*dstptr += sizeof(struct compat_ipt_entry);
|
||||
|
|
Loading…
Reference in a new issue