diff options
author | David S. Miller <davem@davemloft.net> | 2020-07-28 13:43:40 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2020-07-28 13:43:40 -0700 |
commit | 0003041e7a0bf24594e5d66fe217bbbefdac44ab (patch) | |
tree | 050f16554295c22db098bb4e81021e21d2718c5f /net/ipv4/netfilter/arp_tables.c | |
parent | Merge branch 'mlxsw-Add-support-for-QSFP-DD-transceiver-type' (diff) | |
parent | net: improve the user pointer check in init_user_sockptr (diff) | |
download | wireguard-linux-0003041e7a0bf24594e5d66fe217bbbefdac44ab.tar.xz wireguard-linux-0003041e7a0bf24594e5d66fe217bbbefdac44ab.zip |
Merge branch 'sockptr_t-fixes-v2'
Christoph Hellwig says:
====================
sockptr_t fixes v2
a bunch of fixes for the sockptr_t conversion
Changes since v1:
- fix a user pointer dereference braino in bpfilter
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/netfilter/arp_tables.c')
-rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index f5b26ef17820..d1e04d2b5170 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c @@ -1,4 +1,4 @@ - +// SPDX-License-Identifier: GPL-2.0-only /* * Packet matching code for ARP packets. * @@ -971,8 +971,8 @@ static int do_replace(struct net *net, sockptr_t arg, unsigned int len) return -ENOMEM; loc_cpu_entry = newinfo->entries; - sockptr_advance(arg, sizeof(tmp)); - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) { + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp), + tmp.size) != 0) { ret = -EFAULT; goto free_newinfo; } @@ -1267,8 +1267,8 @@ static int compat_do_replace(struct net *net, sockptr_t arg, unsigned int len) return -ENOMEM; loc_cpu_entry = newinfo->entries; - sockptr_advance(arg, sizeof(tmp)); - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) { + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp), + tmp.size) != 0) { ret = -EFAULT; goto free_newinfo; } |