[NETFILTER]: ipt action: use xt_check_target for basic verification
authorPatrick McHardy <kaber@trash.net>
Tue, 25 Apr 2006 00:18:59 +0000 (17:18 -0700)
committerDavid S. Miller <davem@sunset.davemloft.net>
Tue, 25 Apr 2006 00:27:34 +0000 (17:27 -0700)
The targets don't do the basic verification themselves anymore so
the ipt action needs to take care of it.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/sched/act_ipt.c

index 6056d20ef429daac373be83b3fefbd9c315c17b5..37640c6fc014c4c8a53a01609cbc78a51cbc7de6 100644 (file)
@@ -69,6 +69,11 @@ ipt_init_target(struct ipt_entry_target *t, char *table, unsigned int hook)
        DPRINTK("ipt_init_target: found %s\n", target->name);
        t->u.kernel.target = target;
 
+       ret = xt_check_target(target, AF_INET, t->u.target_size - sizeof(*t),
+                             table, hook, 0, 0);
+       if (ret)
+               return ret;
+
        if (t->u.kernel.target->checkentry
            && !t->u.kernel.target->checkentry(table, NULL,
                                               t->u.kernel.target, t->data,