Message ID | 1337003799-2517-1-git-send-email-alban.crequy@collabora.co.uk |
---|---|
State | Superseded |
Headers | show |
On Mon, May 14, 2012 at 02:56:34PM +0100, Alban Crequy wrote: > With the NFPROTO_* constants introduced by commit 7e9c6e ("netfilter: Introduce > NFPROTO_* constants"), it is too easy to confuse PF_* and NFPROTO_* constants > in new protocols. > > Signed-off-by: Alban Crequy <alban.crequy@collabora.co.uk> > Reviewed-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk> > Reviewed-by: Vincent Sanders <vincent.sanders@collabora.co.uk> > --- > net/netfilter/core.c | 5 +++++ > 1 files changed, 5 insertions(+), 0 deletions(-) > > diff --git a/net/netfilter/core.c b/net/netfilter/core.c > index e1b7e05..4f16552 100644 > --- a/net/netfilter/core.c > +++ b/net/netfilter/core.c > @@ -67,6 +67,11 @@ int nf_register_hook(struct nf_hook_ops *reg) > struct nf_hook_ops *elem; > int err; > > + if (reg->pf >= NFPROTO_NUMPROTO || reg->hooknum >= NF_MAX_HOOKS) { > + BUG(); > + return 1; nf_register_hook returns a negative value on error. -EINVAL can be fine. > + } > + > err = mutex_lock_interruptible(&nf_hook_mutex); > if (err < 0) > return err; > -- > 1.7.2.5 > > -- > To unsubscribe from this list: send the line "unsubscribe netdev" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Monday 2012-05-14 15:56, Alban Crequy wrote: >With the NFPROTO_* constants introduced by commit 7e9c6e ("netfilter: Introduce >NFPROTO_* constants"), it is too easy to confuse PF_* and NFPROTO_* constants >in new protocols. >index e1b7e05..4f16552 100644 >--- a/net/netfilter/core.c >+++ b/net/netfilter/core.c >@@ -67,6 +67,11 @@ int nf_register_hook(struct nf_hook_ops *reg) > struct nf_hook_ops *elem; > int err; > >+ if (reg->pf >= NFPROTO_NUMPROTO || reg->hooknum >= NF_MAX_HOOKS) { >+ BUG(); >+ return 1; >+ } Like always, I'd prefer a WARN() instead, here paired with return -EINVAL. Especially when the error path is (seems) simple, halting the entire machine does not look very nice. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/netfilter/core.c b/net/netfilter/core.c index e1b7e05..4f16552 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c @@ -67,6 +67,11 @@ int nf_register_hook(struct nf_hook_ops *reg) struct nf_hook_ops *elem; int err; + if (reg->pf >= NFPROTO_NUMPROTO || reg->hooknum >= NF_MAX_HOOKS) { + BUG(); + return 1; + } + err = mutex_lock_interruptible(&nf_hook_mutex); if (err < 0) return err;