[NETFILTER 06/06]: x_tables: don't use __copy_{from, to}_user on unchecked memory in compat layer

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netfilter-devel@lists.netfilter.org, Patrick McHardy <kaber@trash.net>
Subject: [NETFILTER 06/06]: x_tables: don't use __copy_{from, to}_user on unchecked memory in compat layer
Date: Tue,  2 May 2006 22:48:10 +0200 (MEST)	[thread overview]
Message-ID: <20060502204810.7610.43060.sendpatchset@localhost.localdomain> (raw)
In-Reply-To: <20060502204803.7610.72174.sendpatchset@localhost.localdomain>

[NETFILTER]: x_tables: don't use __copy_{from,to}_user on unchecked memory in compat layer

Noticed by Linus Torvalds <torvalds@osdl.org>

Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit c0a6597ffa6dce9261565319327fa9d060ee8740
tree de902d88c478f87a15325f805f4325100514a5d7
parent b29ae226e0f4b00546194dae9263928e1abae468
author Patrick McHardy <kaber@trash.net> Tue, 02 May 2006 22:28:08 +0200
committer Patrick McHardy <kaber@trash.net> Tue, 02 May 2006 22:28:08 +0200

 net/ipv4/netfilter/ip_tables.c |    6 +++---
 net/netfilter/x_tables.c       |    4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 6d1c115..cee3397 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1441,7 +1441,7 @@ static int compat_copy_entry_to_user(str
 	ret = -EFAULT;
 	origsize = *size;
 	ce = (struct compat_ipt_entry __user *)*dstptr;
-	if (__copy_to_user(ce, e, sizeof(struct ipt_entry)))
+	if (copy_to_user(ce, e, sizeof(struct ipt_entry)))
 		goto out;
 
 	*dstptr += sizeof(struct compat_ipt_entry);
@@ -1459,9 +1459,9 @@ static int compat_copy_entry_to_user(str
 		goto out;
 	ret = -EFAULT;
 	next_offset = e->next_offset - (origsize - *size);
-	if (__put_user(target_offset, &ce->target_offset))
+	if (put_user(target_offset, &ce->target_offset))
 		goto out;
-	if (__put_user(next_offset, &ce->next_offset))
+	if (put_user(next_offset, &ce->next_offset))
 		goto out;
 	return 0;
 out:
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index 17abf60..99293c6 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -289,7 +289,7 @@ int xt_compat_match(void *match, void **
 		case COMPAT_TO_USER:
 			pm = (struct xt_entry_match *)match;
 			msize = pm->u.user.match_size;
-			if (__copy_to_user(*dstptr, pm, msize)) {
+			if (copy_to_user(*dstptr, pm, msize)) {
 				ret = -EFAULT;
 				break;
 			}
@@ -366,7 +366,7 @@ int xt_compat_target(void *target, void 
 		case COMPAT_TO_USER:
 			pt = (struct xt_entry_target *)target;
 			tsize = pt->u.user.target_size;
-			if (__copy_to_user(*dstptr, pt, tsize)) {
+			if (copy_to_user(*dstptr, pt, tsize)) {
 				ret = -EFAULT;
 				break;
 			}

next prev parent reply	other threads:[~2006-05-02 20:48 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-05-02 20:48 [NETFILTER 00/06]: Netfilter fixes for 2.6.17 Patrick McHardy
2006-05-02 20:48 ` [NETFILTER 01/06]: H.323 helper: fix endless loop caused by invalid TPKT len Patrick McHardy
2006-05-02 20:48 ` [NETFILTER 02/06]: H.323 helper: fix use of uninitialized data Patrick McHardy
2006-05-02 20:48 ` [NETFILTER 03/06]: SCTP conntrack: fix infinite loop Patrick McHardy
2006-05-02 20:48 ` [NETFILTER 04/06]: NAT: silence unused variable warnings with CONFIG_XFRM=n Patrick McHardy
2006-05-02 20:48 ` [NETFILTER 05/06]: H.323 helper: Change author's email address Patrick McHardy
2006-05-02 20:48 ` Patrick McHardy [this message]
2006-05-04  6:21 ` [NETFILTER 00/06]: Netfilter fixes for 2.6.17 David S. Miller

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:6d1c115 dfblob:cee3397 dfblob:17abf60 dfblob:99293c6 )
 OR (
bs:"[NETFILTER 06/06]: x_tables: don't use __copy_{from, to}_user on unchecked memory in compat layer" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060502204810.7610.43060.sendpatchset@localhost.localdomain \
    --to=kaber@trash.net \
    --cc=davem@davemloft.net \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.