netfilter: ipset: Check extensions attributes before getting extensions.

Make all extensions attributes checks within ip_set_get_extensions() and reduce number of duplicated code. Signed-off-by: Sergey Popovich <popovich_sergei@mail.ua> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
author: Sergey Popovich <popovich_sergei@mail.ua> 2015-06-12 19:14:09 (GMT)
committer: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2015-06-14 08:40:13 (GMT)
commit: 7dd37bc8e605d3ce14e6a1bc88ebbfae7ef43b9f (patch)
tree: e4a72aabc8328616343e6d4d27bd21d6e93518d7 /net/netfilter/ipset/ip_set_core.c
parent: edda0791743eafc36382fb893d91547f36edaf7d (diff)
download: linux-7dd37bc8e605d3ce14e6a1bc88ebbfae7ef43b9f.tar.xz
1 files changed, 9 insertions, 0 deletions
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index 347d97a..68ae551 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -389,6 +389,15 @@ ip_set_get_extensions(struct ip_set *set, struct nlattr *tb[],
 		      struct ip_set_ext *ext)
 {
 	u64 fullmark;
+
+	if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES) ||
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBMARK) ||
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBPRIO) ||
+		     !ip_set_optattr_netorder(tb, IPSET_ATTR_SKBQUEUE)))
+		return -IPSET_ERR_PROTOCOL;
+
 	if (tb[IPSET_ATTR_TIMEOUT]) {
 		if (!SET_WITH_TIMEOUT(set))
 			return -IPSET_ERR_TIMEOUT;
author	Sergey Popovich <popovich_sergei@mail.ua>	2015-06-12 19:14:09 (GMT)
committer	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2015-06-14 08:40:13 (GMT)
commit	7dd37bc8e605d3ce14e6a1bc88ebbfae7ef43b9f (patch)
tree	e4a72aabc8328616343e6d4d27bd21d6e93518d7 /net/netfilter/ipset/ip_set_core.c
parent	edda0791743eafc36382fb893d91547f36edaf7d (diff)
download	linux-7dd37bc8e605d3ce14e6a1bc88ebbfae7ef43b9f.tar.xz