Commit dcf67740 authored by Florian Westphal, committed by Pablo Neira Ayuso

netfilter: helper: add build-time asserts for helper data size

add a 32 byte scratch area in the helper struct instead of relying
on variable sized helpers plus compile-time asserts to let us know
if 32 bytes aren't enough anymore.

Not having variable sized helpers will later allow to add BUILD_BUG_ON
for the total size of conntrack extensions -- the helper extension is
the only one that doesn't have a fixed size.

The (useless!) NF_CT_HELPER_BUILD_BUG_ON(0); are added so that in case
someone adds a new helper and copy-pastes from one that doesn't store
private data at least some indication that this macro should be used
somehow is there...
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent 906535b0
...@@ -66,9 +66,12 @@ struct nf_conn_help { ...@@ -66,9 +66,12 @@ struct nf_conn_help {
u8 expecting[NF_CT_MAX_EXPECT_CLASSES]; u8 expecting[NF_CT_MAX_EXPECT_CLASSES];
/* private helper information. */ /* private helper information. */
char data[]; char data[32] __aligned(8);
}; };
#define NF_CT_HELPER_BUILD_BUG_ON(structsize) \
BUILD_BUG_ON((structsize) > FIELD_SIZEOF(struct nf_conn_help, data))
struct nf_conntrack_helper *__nf_conntrack_helper_find(const char *name, struct nf_conntrack_helper *__nf_conntrack_helper_find(const char *name,
u16 l3num, u8 protonum); u16 l3num, u8 protonum);
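Review bot: NF_CT_HELPER_BUILD_BUG_ON only protects helpers that remember to call it, and only for sizes known at compile time, so the fixed `char data[32]` can still be overrun by a helper that casts `data` to a larger struct without the assert. If any registration path accepts a private-data length at run time (none is visible in this section), it needs an explicit run-time comparison against `FIELD_SIZEOF(struct nf_conn_help, data)` that rejects oversized requests, because a build-time assert cannot cover it. The macro also checks size only, so a struct that needs more than the 8-byte alignment given by `__aligned(8)` would pass it. I would extend the comment on the field to state the contract, e.g. `/* private helper information: fixed-size scratch area, users must call NF_CT_HELPER_BUILD_BUG_ON() */`.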
......
...@@ -207,6 +207,8 @@ static int __init nf_conntrack_amanda_init(void) ...@@ -207,6 +207,8 @@ static int __init nf_conntrack_amanda_init(void)
{ {
int ret, i; int ret, i;
NF_CT_HELPER_BUILD_BUG_ON(0);
for (i = 0; i < ARRAY_SIZE(search); i++) { for (i = 0; i < ARRAY_SIZE(search); i++) {
search[i].ts = textsearch_prepare(ts_algo, search[i].string, search[i].ts = textsearch_prepare(ts_algo, search[i].string,
search[i].len, search[i].len,
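Review bot: The bare `0` in `NF_CT_HELPER_BUILD_BUG_ON(0);` at the top of nf_conntrack_amanda_init() gives a reader no hint of why an assert that can never fire is there; the same applies to the calls added in nf_conntrack_netbios_ns_init() and nf_conntrack_tftp_init(). A one-line comment above each call would carry the intent that is currently only in the commit message, e.g. `/* no private data in nf_conn_help->data; pass sizeof(struct ...) here if that changes */`. The function body continues past the end of this hunk.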
......
...@@ -577,6 +577,8 @@ static int __init nf_conntrack_ftp_init(void) ...@@ -577,6 +577,8 @@ static int __init nf_conntrack_ftp_init(void)
{ {
int i, ret = 0; int i, ret = 0;
NF_CT_HELPER_BUILD_BUG_ON(sizeof(struct nf_ct_ftp_master));
ftp_buffer = kmalloc(65536, GFP_KERNEL); ftp_buffer = kmalloc(65536, GFP_KERNEL);
if (!ftp_buffer) if (!ftp_buffer)
return -ENOMEM; return -ENOMEM;
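Review bot: The assert in nf_conntrack_ftp_init() names `struct nf_ct_ftp_master` by hand and sits in the init function, not next to the code that reads and writes `nf_conn_help->data`, so the two can drift: if the helper later stores a different or additional object there, this check keeps passing while the access runs past the 32-byte area. The access site is outside this hunk, so how closely the two are coupled cannot be confirmed from here. A short comment would tie them together, e.g. `/* must match the type this helper stores in nf_conn_help->data */`; the same holds for the asserts added in nf_conntrack_h323_init(), nf_conntrack_pptp_init(), nf_conntrack_sane_init() and nf_conntrack_sip_init(). The function body continues past the end of this hunk.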
......
...@@ -1836,6 +1836,8 @@ static int __init nf_conntrack_h323_init(void) ...@@ -1836,6 +1836,8 @@ static int __init nf_conntrack_h323_init(void)
{ {
int ret; int ret;
NF_CT_HELPER_BUILD_BUG_ON(sizeof(struct nf_ct_h323_master));
h323_buffer = kmalloc(65536, GFP_KERNEL); h323_buffer = kmalloc(65536, GFP_KERNEL);
if (!h323_buffer) if (!h323_buffer)
return -ENOMEM; return -ENOMEM;
......
...@@ -58,6 +58,8 @@ static struct nf_conntrack_helper helper __read_mostly = { ...@@ -58,6 +58,8 @@ static struct nf_conntrack_helper helper __read_mostly = {
static int __init nf_conntrack_netbios_ns_init(void) static int __init nf_conntrack_netbios_ns_init(void)
{ {
NF_CT_HELPER_BUILD_BUG_ON(0);
exp_policy.timeout = timeout; exp_policy.timeout = timeout;
return nf_conntrack_helper_register(&helper); return nf_conntrack_helper_register(&helper);
} }
......
...@@ -607,6 +607,8 @@ static struct nf_conntrack_helper pptp __read_mostly = { ...@@ -607,6 +607,8 @@ static struct nf_conntrack_helper pptp __read_mostly = {
static int __init nf_conntrack_pptp_init(void) static int __init nf_conntrack_pptp_init(void)
{ {
NF_CT_HELPER_BUILD_BUG_ON(sizeof(struct nf_ct_pptp_master));
return nf_conntrack_helper_register(&pptp); return nf_conntrack_helper_register(&pptp);
} }
......
...@@ -184,6 +184,8 @@ static int __init nf_conntrack_sane_init(void) ...@@ -184,6 +184,8 @@ static int __init nf_conntrack_sane_init(void)
{ {
int i, ret = 0; int i, ret = 0;
NF_CT_HELPER_BUILD_BUG_ON(sizeof(struct nf_ct_sane_master));
sane_buffer = kmalloc(65536, GFP_KERNEL); sane_buffer = kmalloc(65536, GFP_KERNEL);
if (!sane_buffer) if (!sane_buffer)
return -ENOMEM; return -ENOMEM;
......
...@@ -1622,6 +1622,8 @@ static int __init nf_conntrack_sip_init(void) ...@@ -1622,6 +1622,8 @@ static int __init nf_conntrack_sip_init(void)
{ {
int i, ret; int i, ret;
NF_CT_HELPER_BUILD_BUG_ON(sizeof(struct nf_ct_sip_master));
if (ports_c == 0) if (ports_c == 0)
ports[ports_c++] = SIP_PORT; ports[ports_c++] = SIP_PORT;
......
...@@ -113,6 +113,8 @@ static int __init nf_conntrack_tftp_init(void) ...@@ -113,6 +113,8 @@ static int __init nf_conntrack_tftp_init(void)
{ {
int i, ret; int i, ret;
NF_CT_HELPER_BUILD_BUG_ON(0);
if (ports_c == 0) if (ports_c == 0)
ports[ports_c++] = TFTP_PORT; ports[ports_c++] = TFTP_PORT;
......