a18aa31b77
When copying entries to user, the kernel makes two passes through the data, first copying all the entries, then fixing up names and counters. On the second pass it copies the kernel and match data from userspace to the kernel again to find the corresponding structures, expecting that kernel pointers contained in the data are still valid. This is obviously broken, fix by avoiding the second pass completely and fixing names and counters while dumping the ruleset, using the kernel-internal data structures. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
---|---|---|
.. | ||
arp_tables.c | ||
arpt_mangle.c | ||
arptable_filter.c | ||
ip_queue.c | ||
ip_tables.c | ||
ipt_addrtype.c | ||
ipt_ah.c | ||
ipt_CLUSTERIP.c | ||
ipt_ecn.c | ||
ipt_ECN.c | ||
ipt_iprange.c | ||
ipt_LOG.c | ||
ipt_MASQUERADE.c | ||
ipt_NETMAP.c | ||
ipt_owner.c | ||
ipt_recent.c | ||
ipt_REDIRECT.c | ||
ipt_REJECT.c | ||
ipt_SAME.c | ||
ipt_tos.c | ||
ipt_TOS.c | ||
ipt_ttl.c | ||
ipt_TTL.c | ||
ipt_ULOG.c | ||
iptable_filter.c | ||
iptable_mangle.c | ||
iptable_raw.c | ||
Kconfig | ||
Makefile | ||
nf_conntrack_l3proto_ipv4_compat.c | ||
nf_conntrack_l3proto_ipv4.c | ||
nf_conntrack_proto_icmp.c | ||
nf_nat_amanda.c | ||
nf_nat_core.c | ||
nf_nat_ftp.c | ||
nf_nat_h323.c | ||
nf_nat_helper.c | ||
nf_nat_irc.c | ||
nf_nat_pptp.c | ||
nf_nat_proto_gre.c | ||
nf_nat_proto_icmp.c | ||
nf_nat_proto_tcp.c | ||
nf_nat_proto_udp.c | ||
nf_nat_proto_unknown.c | ||
nf_nat_rule.c | ||
nf_nat_sip.c | ||
nf_nat_snmp_basic.c | ||
nf_nat_standalone.c | ||
nf_nat_tftp.c |