summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorLiping Zhang <zlpnobody@gmail.com>2016-10-29 16:56:27 +0300
committerPablo Neira Ayuso <pablo@netfilter.org>2016-11-01 22:50:32 +0300
commite41e9d623cd77dbe970b15a4c06a0765c3657bdd (patch)
tree6228a3a577106b902c87388b18f603d5b733f41b /net
parent2fa841938c648fe4359691f41e8e1f37ff1a3aa2 (diff)
downloadlinux-e41e9d623cd77dbe970b15a4c06a0765c3657bdd.tar.xz
netfilter: nf_tables: remove useless U8_MAX validation
After call nft_data_init, size is already validated and desc.len will not exceed the sizeof(struct nft_data), i.e. 16 bytes. So it will never exceed U8_MAX. Furthermore, in nft_immediate_init, we forget to call nft_data_uninit when desc.len exceeds U8_MAX, although this will not happen, but it's a logical mistake. Now remove these redundant validation introduced by commit 36b701fae12a ("netfilter: nf_tables: validate maximum value of u32 netlink attributes") Signed-off-by: Liping Zhang <zlpnobody@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r--net/netfilter/nft_cmp.c3
-rw-r--r--net/netfilter/nft_immediate.c3
2 files changed, 0 insertions, 6 deletions
diff --git a/net/netfilter/nft_cmp.c b/net/netfilter/nft_cmp.c
index 2e53739812b1..e25b35d70e4d 100644
--- a/net/netfilter/nft_cmp.c
+++ b/net/netfilter/nft_cmp.c
@@ -84,9 +84,6 @@ static int nft_cmp_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
if (err < 0)
return err;
- if (desc.len > U8_MAX)
- return -ERANGE;
-
priv->op = ntohl(nla_get_be32(tb[NFTA_CMP_OP]));
priv->len = desc.len;
return 0;
diff --git a/net/netfilter/nft_immediate.c b/net/netfilter/nft_immediate.c
index d17018ff54e6..4528adea7ede 100644
--- a/net/netfilter/nft_immediate.c
+++ b/net/netfilter/nft_immediate.c
@@ -54,9 +54,6 @@ static int nft_immediate_init(const struct nft_ctx *ctx,
if (err < 0)
return err;
- if (desc.len > U8_MAX)
- return -ERANGE;
-
priv->dlen = desc.len;
priv->dreg = nft_parse_register(tb[NFTA_IMMEDIATE_DREG]);