=?a?q?=5BPATCH=203/3=5D=20netfilter=3A=20nf=5Ftables=3A=20check=20for=20duplicate=20names=20on=20chain=20rename?=

[kaber@xxxxxxxxx]

From: Patrick McHardy <kaber@xxxxxxxxx>

Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
---
 net/netfilter/nf_tables_api.c | 12 ++++++++----
 1 Datei geändert, 8 Zeilen hinzugefügt(+), 4 Zeilen entfernt(-)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 801ead5..ccb7d07 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -746,13 +746,14 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
 		return PTR_ERR(table);
 
 	chain = NULL;
+	name = nla[NFTA_CHAIN_NAME];
+
 	if (nla[NFTA_CHAIN_HANDLE]) {
 		handle = be64_to_cpu(nla_get_be64(nla[NFTA_CHAIN_HANDLE]));
 		chain = nf_tables_chain_lookup_byhandle(table, handle);
 		if (IS_ERR(chain))
 			return PTR_ERR(chain);
 	} else {
-		name = nla[NFTA_CHAIN_NAME];
 		chain = nf_tables_chain_lookup(table, name);
 		if (IS_ERR(chain)) {
 			if (PTR_ERR(chain) != -ENOENT)
@@ -767,6 +768,10 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
 		if (nlh->nlmsg_flags & NLM_F_REPLACE)
 			return -EOPNOTSUPP;
 
+		if (nla[NFTA_CHAIN_HANDLE] && name &&
+		    !IS_ERR(nf_tables_chain_lookup(table, nla[NFTA_CHAIN_NAME])))
+			return -EEXIST;
+
 		if (nla[NFTA_CHAIN_POLICY]) {
 			if (!(chain->flags & NFT_BASE_CHAIN))
 				return -EOPNOTSUPP;
@@ -777,9 +782,8 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
 				return err;
 		}
 
-		if (nla[NFTA_CHAIN_HANDLE] && nla[NFTA_CHAIN_NAME])
-			nla_strlcpy(chain->name, nla[NFTA_CHAIN_NAME],
-				    NFT_CHAIN_MAXNAMELEN);
+		if (nla[NFTA_CHAIN_HANDLE] && name)
+			nla_strlcpy(chain->name, name, NFT_CHAIN_MAXNAMELEN);
 
 		goto notify;
 	}
-- 
1.7.11.7

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html