mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-09-21 12:11:49 +08:00
netfilter: Use kmemdup_array instead of kmemdup for multiple allocation
When we are allocating an array, using kmemdup_array() to take care about multiplication and possible overflows. Also it makes auditing the code easier. Signed-off-by: Yan Zhen <yanzhen@vivo.com> Reviewed-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
4a1d3acd6e
commit
20eb5e7cb7
@ -1256,7 +1256,7 @@ int ebt_register_table(struct net *net, const struct ebt_table *input_table,
|
||||
goto free_unlock;
|
||||
}
|
||||
|
||||
ops = kmemdup(template_ops, sizeof(*ops) * num_ops, GFP_KERNEL);
|
||||
ops = kmemdup_array(template_ops, num_ops, sizeof(*ops), GFP_KERNEL);
|
||||
if (!ops) {
|
||||
ret = -ENOMEM;
|
||||
if (newinfo->nentries)
|
||||
|
@ -1547,7 +1547,7 @@ int arpt_register_table(struct net *net,
|
||||
goto out_free;
|
||||
}
|
||||
|
||||
ops = kmemdup(template_ops, sizeof(*ops) * num_ops, GFP_KERNEL);
|
||||
ops = kmemdup_array(template_ops, num_ops, sizeof(*ops), GFP_KERNEL);
|
||||
if (!ops) {
|
||||
ret = -ENOMEM;
|
||||
goto out_free;
|
||||
|
@ -1767,7 +1767,7 @@ int ipt_register_table(struct net *net, const struct xt_table *table,
|
||||
goto out_free;
|
||||
}
|
||||
|
||||
ops = kmemdup(template_ops, sizeof(*ops) * num_ops, GFP_KERNEL);
|
||||
ops = kmemdup_array(template_ops, num_ops, sizeof(*ops), GFP_KERNEL);
|
||||
if (!ops) {
|
||||
ret = -ENOMEM;
|
||||
goto out_free;
|
||||
|
@ -1773,7 +1773,7 @@ int ip6t_register_table(struct net *net, const struct xt_table *table,
|
||||
goto out_free;
|
||||
}
|
||||
|
||||
ops = kmemdup(template_ops, sizeof(*ops) * num_ops, GFP_KERNEL);
|
||||
ops = kmemdup_array(template_ops, num_ops, sizeof(*ops), GFP_KERNEL);
|
||||
if (!ops) {
|
||||
ret = -ENOMEM;
|
||||
goto out_free;
|
||||
|
@ -1104,7 +1104,7 @@ int nf_nat_register_fn(struct net *net, u8 pf, const struct nf_hook_ops *ops,
|
||||
if (!nat_proto_net->nat_hook_ops) {
|
||||
WARN_ON(nat_proto_net->users != 0);
|
||||
|
||||
nat_ops = kmemdup(orig_nat_ops, sizeof(*orig_nat_ops) * ops_count, GFP_KERNEL);
|
||||
nat_ops = kmemdup_array(orig_nat_ops, ops_count, sizeof(*orig_nat_ops), GFP_KERNEL);
|
||||
if (!nat_ops) {
|
||||
mutex_unlock(&nf_nat_proto_mutex);
|
||||
return -ENOMEM;
|
||||
|
Loading…
Reference in New Issue
Block a user