netfilter: xt_hashlimit: use _ALL macro to reject unknown flag bits
David Miller says: "The canonical way to validate if the set bits are in a valid range is to have a "_ALL" macro, and test: if (val & ~XT_HASHLIMIT_ALL) goto err;" Make it so. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent
6d8823db42
commit
1f27e2516c
|
@ -22,10 +22,12 @@ enum {
|
|||
XT_HASHLIMIT_HASH_SPT = 1 << 3,
|
||||
XT_HASHLIMIT_INVERT = 1 << 4,
|
||||
XT_HASHLIMIT_BYTES = 1 << 5,
|
||||
#ifdef __KERNEL__
|
||||
XT_HASHLIMIT_MAX = 1 << 6,
|
||||
#endif
|
||||
};
|
||||
#ifdef __KERNEL__
|
||||
#define XT_HASHLIMIT_ALL (XT_HASHLIMIT_HASH_DIP | XT_HASHLIMIT_HASH_DPT | \
|
||||
XT_HASHLIMIT_HASH_SIP | XT_HASHLIMIT_HASH_SPT | \
|
||||
XT_HASHLIMIT_INVERT | XT_HASHLIMIT_BYTES)
|
||||
#endif
|
||||
|
||||
struct hashlimit_cfg {
|
||||
__u32 mode; /* bitmask of XT_HASHLIMIT_HASH_* */
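Review bot: `XT_HASHLIMIT_ALL` is a hand-maintained list that must name every valid bit of the enum above it, and nothing at the definition says so. A flag later added to the enum but not to the macro would be rejected by the mode check in hashlimit_mt_check with "kernel too old?", which fails closed but is confusing to debug. I would put a comment above the `#define`, for example `/* Every valid mode bit must be listed here; any bit outside this mask is rejected when the rule is checked. */`. The first enum members are outside the hunk, so this assumes XT_HASHLIMIT_HASH_DIP, XT_HASHLIMIT_HASH_DPT and XT_HASHLIMIT_HASH_SIP are the three lower bits.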
|
||||
|
|
|
@ -647,7 +647,7 @@ static int hashlimit_mt_check(const struct xt_mtchk_param *par)
|
|||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (info->cfg.mode >= XT_HASHLIMIT_MAX) {
|
||||
if (info->cfg.mode & ~XT_HASHLIMIT_ALL) {
|
||||
pr_info("Unknown mode mask %X, kernel too old?\n",
|
||||
info->cfg.mode);
|
||||
return -EINVAL;
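Review bot: The rejection path directly under the new `if (info->cfg.mode & ~XT_HASHLIMIT_ALL)` test logs through an unthrottled `pr_info`, and the value that triggers it comes from the rule handed in by userspace. If rule insertion is reachable by less-trusted callers (not visible in this hunk), repeated invalid requests can fill the kernel log; `pr_info_ratelimited("Unknown mode mask %X, kernel too old?\n", info->cfg.mode);` would bound that. The mask test matches the old `>= XT_HASHLIMIT_MAX` comparison only while the flag bits stay contiguous from bit 0, so a short comment saying that unknown bits are rejected by mask rather than by range would help the next reader. hashlimit_mt_check starts and ends outside the hunk.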
|
||||
|
|