X-Git-Url: https://git.kernelconcepts.de/?a=blobdiff_plain;f=net%2Fipv4%2Fnetfilter%2Fip_tables.c;h=fa06250faf7fb2984e396518c8e6c0d5db1af506;hb=8a865621540c7bc7f03665a2b7029cb444a9593a;hp=39543d96f617a5899687e3c2fbe6619d8077dafd;hpb=cfdca13028ff3aa8c5f4b63ba5abf878cd55ced5;p=karo-tx-linux.git

diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 39543d96f617..fa06250faf7f 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -587,15 +587,6 @@ static void cleanup_match(struct xt_entry_match *m, struct net *net)
 	module_put(par.match->me);
 }
 
-static int
-check_entry(const struct ipt_entry *e)
-{
-	if (!ip_checkentry(&e->ip))
-		return -EINVAL;
-
-	return xt_check_entry_offsets(e, e->target_offset, e->next_offset);
-}
-
 static int
 check_match(struct xt_entry_match *m, struct xt_mtchk_param *par)
 {
@@ -760,7 +751,11 @@ check_entry_size_and_hooks(struct ipt_entry *e,
 		return -EINVAL;
 	}
 
-	err = check_entry(e);
+	if (!ip_checkentry(&e->ip))
+		return -EINVAL;
+
+	err = xt_check_entry_offsets(e, e->elems, e->target_offset,
+				     e->next_offset);
 	if (err)
 		return err;
 
@@ -1515,8 +1510,11 @@ check_compat_entry_size_and_hooks(struct compat_ipt_entry *e,
 		return -EINVAL;
 	}
 
-	/* For purposes of check_entry casting the compat entry is fine */
-	ret = check_entry((struct ipt_entry *)e);
+	if (!ip_checkentry(&e->ip))
+		return -EINVAL;
+
+	ret = xt_compat_check_entry_offsets(e, e->elems,
+					    e->target_offset, e->next_offset);
 	if (ret)
 		return ret;