Florian Westphal <fw@xxxxxxxxx> wrote:
> From: Florian Westphal <fwestphal@xxxxxxxxxx>
>
> Main code for 32 bit userland ebtables binary with 64 bit kernels
> support.
[..]
> +static int compat_copy_everything_to_user(struct ebt_table *t, void __user *user,
> + int *len, int cmd)
[..]
> + if (tmp.num_counters) {
> + if (tmp.num_counters != tinfo.nentries) {
> + BUGPRINT("Num_counters wrong\n");
> + return -EINVAL;
> + }
> + counterstmp = vmalloc(tinfo.nentries * sizeof(*counterstmp));
> + if (!counterstmp)
> + return -ENOMEM;
> +
> + write_lock_bh(&t->lock);
> + get_counters(oldcounters, counterstmp, tinfo.nentries);
> + write_unlock_bh(&t->lock);
> +
> + buf = compat_ptr(tmp.counters);
> + if (copy_to_user(buf, counterstmp, tinfo.nentries * sizeof(*counterstmp))) {
> + vfree(counterstmp);
> + return -EFAULT;
> + }
> + vfree(counterstmp);
> + }
This almost identical to the non-compat case; I'll move this to a common
helper in the next iteration.
Also, compat_do_ebt_get_ctl() does not have the required *len check.
Will fix in next revision.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
