pending-4.4: 610-netfilter_match_bypass_default_check: fix 32bit compat layer

Patch 610-netfilter_match_bypass_default_check added an extra flag IPT_F_NO_DEF_MATCH
which is copied to user space in function copy_entries_to_user. The 32bit compat
layer function was missing the same logic to copy the flag IPT_F_NO_DEF_MATCH to
user space for a 64bit kernel and 32 bit user space.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Thierry Dutre <thierry.dutre@dtsystems.be>
owl
Hans Dedecker 2017-10-16 11:29:55 +02:00
parent 02ccffff3e
commit 856c53f175
1 changed files with 21 additions and 4 deletions

View File

@ -67,11 +67,10 @@
counters = alloc_counters(table); counters = alloc_counters(table);
if (IS_ERR(counters)) if (IS_ERR(counters))
@@ -974,6 +1003,14 @@ copy_entries_to_user(unsigned int total_ @@ -975,6 +1004,14 @@ copy_entries_to_user(unsigned int total_
ret = -EFAULT;
goto free_counters; goto free_counters;
} }
+
+ flags = e->ip.flags & IPT_F_MASK; + flags = e->ip.flags & IPT_F_MASK;
+ if (copy_to_user(userptr + off + if (copy_to_user(userptr + off
+ + offsetof(struct ipt_entry, ip.flags), + + offsetof(struct ipt_entry, ip.flags),
@ -79,6 +78,24 @@
+ ret = -EFAULT; + ret = -EFAULT;
+ goto free_counters; + goto free_counters;
+ } + }
+
for (i = sizeof(struct ipt_entry); for (i = sizeof(struct ipt_entry);
i < e->target_offset; i < e->target_offset;
i += m->u.match_size) {
@@ -1380,12 +1417,15 @@ compat_copy_entry_to_user(struct ipt_ent
compat_uint_t origsize;
const struct xt_entry_match *ematch;
int ret = 0;
+ u8 flags = e->ip.flags & IPT_F_MASK;
origsize = *size;
ce = (struct compat_ipt_entry __user *)*dstptr;
if (copy_to_user(ce, e, sizeof(struct ipt_entry)) != 0 ||
copy_to_user(&ce->counters, &counters[i],
- sizeof(counters[i])) != 0)
+ sizeof(counters[i])) != 0 ||
+ copy_to_user(&ce->ip.flags, &flags,
+ sizeof(flags)) != 0)
return -EFAULT;
*dstptr += sizeof(struct compat_ipt_entry);