[iptables,2/4] xtables: Check match/target size vs XT_ALIGN(size) at register time

Message ID 1520413843-24456-3-git-send-email-serhe.popovych@gmail.com
State Accepted
Delegated to: Pablo Neira
Headers show
Series
  • iptables: Fix [unsupported revision] for matches/targets after update
Related show

Commit Message

Serhey Popovych March 7, 2018, 9:10 a.m.
Size is known at xtables_register_match()/xtables_register_target()
calls: no need to defer it to final registration steps.

Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
---
 libxtables/xtables.c |   30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

Patch

diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index 5aaa238..33fc158 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -857,6 +857,14 @@  void xtables_register_match(struct xtables_match *me)
 		        xt_params->program_name, me->name, me->revision);
 		exit(1);
 	}
+
+	if (me->size != XT_ALIGN(me->size)) {
+		fprintf(stderr, "%s: match \"%s\" has invalid size %u.\n",
+		        xt_params->program_name, me->name,
+		        (unsigned int)me->size);
+		exit(1);
+	}
+
 	if (strcmp(me->version, XTABLES_VERSION) != 0) {
 		fprintf(stderr, "%s: match \"%s\" has version \"%s\", "
 		        "but \"%s\" is required.\n",
@@ -985,13 +993,6 @@  static bool xtables_fully_register_pending_match(struct xtables_match *me)
 		*i = old->next;
 	}
 
-	if (me->size != XT_ALIGN(me->size)) {
-		fprintf(stderr, "%s: match `%s' has invalid size %u.\n",
-		        xt_params->program_name, me->name,
-		        (unsigned int)me->size);
-		exit(1);
-	}
-
 	/* Append to list. */
 	for (i = &xtables_matches; *i; i = &(*i)->next);
 	me->next = NULL;
@@ -1023,6 +1024,14 @@  void xtables_register_target(struct xtables_target *me)
 		        xt_params->program_name, me->name, me->revision);
 		exit(1);
 	}
+
+	if (me->size != XT_ALIGN(me->size)) {
+		fprintf(stderr, "%s: target \"%s\" has invalid size %u.\n",
+		        xt_params->program_name, me->name,
+		        (unsigned int)me->size);
+		exit(1);
+	}
+
 	if (strcmp(me->version, XTABLES_VERSION) != 0) {
 		fprintf(stderr, "%s: target \"%s\" has version \"%s\", "
 		        "but \"%s\" is required.\n",
@@ -1094,13 +1103,6 @@  static bool xtables_fully_register_pending_target(struct xtables_target *me)
 		*i = old->next;
 	}
 
-	if (me->size != XT_ALIGN(me->size)) {
-		fprintf(stderr, "%s: target `%s' has invalid size %u.\n",
-		        xt_params->program_name, me->name,
-		        (unsigned int)me->size);
-		exit(1);
-	}
-
 	/* Prepend to list. */
 	me->next = xtables_targets;
 	xtables_targets = me;