anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-11 23:24:57 +02:00
Code Issues Releases Wiki Activity

pknock: use explicit tests for non-bool types

Browse Source
This commit is contained in:
Jan Engelhardt
2009-09-30 01:26:06 +02:00
parent 79d54ebd7c
commit e436948ebd
2 changed files with 24 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
extensions/libxt_pknock.c
View File

@@ -61,16 +61,19 @@ parse_ports(const char *portstring, uint16_t *ports, const char *proto)
unsigned int i; unsigned int i;
buffer = strdup(portstring); buffer = strdup(portstring);
if (!buffer) xtables_error(OTHER_PROBLEM, "strdup failed"); if (buffer == NULL)
xtables_error(OTHER_PROBLEM, "strdup failed");
for (cp=buffer, i=0; cp && i<IPT_PKNOCK_MAX_PORTS; cp=next, i++) for (cp=buffer, i=0; cp != NULL && i<IPT_PKNOCK_MAX_PORTS; cp=next, i++)
{ {
next=strchr(cp, ','); next=strchr(cp, ',');
if (next) *next++='\0'; if (next != NULL)
*next++ = '\0';
ports[i] = xtables_parse_port(cp, proto); ports[i] = xtables_parse_port(cp, proto);
} }
if (cp) xtables_error(PARAMETER_PROBLEM, "too many ports specified"); if (cp != NULL)
xtables_error(PARAMETER_PROBLEM, "too many ports specified");
free(buffer); free(buffer);
return i; return i;
@@ -99,7 +102,7 @@ check_proto(uint16_t pnum, uint8_t invflags)
if ((proto = proto_to_name(pnum)) != NULL) if ((proto = proto_to_name(pnum)) != NULL)
return proto; return proto;
else if (!pnum) else if (pnum == 0)
xtables_error(PARAMETER_PROBLEM, PKNOCK "needs `-p tcp' or `-p udp'"); xtables_error(PARAMETER_PROBLEM, PKNOCK "needs `-p tcp' or `-p udp'");
else else
xtables_error(PARAMETER_PROBLEM, PKNOCK "only works with TCP and UDP."); xtables_error(PARAMETER_PROBLEM, PKNOCK "only works with TCP and UDP.");

30
extensions/xt_pknock.c
View File

@@ -254,7 +254,7 @@ static int
pknock_proc_open(struct inode *inode, struct file *file) pknock_proc_open(struct inode *inode, struct file *file)
{ {
int ret = seq_open(file, &pknock_seq_ops); int ret = seq_open(file, &pknock_seq_ops);
if (!ret) { if (ret == 0) {
struct seq_file *sf = file->private_data; struct seq_file *sf = file->private_data;
sf->private = PDE(inode); sf->private = PDE(inode);
} }
@@ -292,7 +292,8 @@ update_rule_timer(struct ipt_pknock_rule *rule)
static inline bool static inline bool
is_time_exceeded(const struct peer *peer, unsigned int max_time) is_time_exceeded(const struct peer *peer, unsigned int max_time)
{ {
return peer && time_after(jiffies/HZ, peer->timestamp + max_time); return peer != NULL && time_after(jiffies / HZ,
peer->timestamp + max_time);
} }
/** /**
@@ -302,7 +303,7 @@ is_time_exceeded(const struct peer *peer, unsigned int max_time)
static inline bool static inline bool
has_logged_during_this_minute(const struct peer *peer) has_logged_during_this_minute(const struct peer *peer)
{ {
return peer && (peer->login_min == get_epoch_minute()); return peer != NULL && peer->login_min == get_epoch_minute();
} }
/** /**
@@ -425,7 +426,7 @@ add_rule(struct ipt_pknock *info)
rule->timer.data = (unsigned long)rule; rule->timer.data = (unsigned long)rule;
rule->status_proc = create_proc_entry(info->rule_name, 0, pde); rule->status_proc = create_proc_entry(info->rule_name, 0, pde);
if (!rule->status_proc) { if (rule->status_proc == NULL) {
printk(KERN_ERR PKNOCK "create_proc_entry() error in add_rule()" printk(KERN_ERR PKNOCK "create_proc_entry() error in add_rule()"
" function.\n"); " function.\n");
kfree(rule); kfree(rule);
@@ -471,7 +472,7 @@ remove_rule(struct ipt_pknock *info)
pr_debug("(N) rule not found: %s.\n", info->rule_name); pr_debug("(N) rule not found: %s.\n", info->rule_name);
return; return;
} }
if (rule && rule->ref_count == 0) { if (rule != NULL && rule->ref_count == 0) {
hashtable_for_each_safe(pos, n, rule->peer_head, peer_hashsize, i) { hashtable_for_each_safe(pos, n, rule->peer_head, peer_hashsize, i) {
peer = list_entry(pos, struct peer, head); peer = list_entry(pos, struct peer, head);
@@ -482,7 +483,7 @@ remove_rule(struct ipt_pknock *info)
} }
} }
if (rule->status_proc) if (rule->status_proc != NULL)
remove_proc_entry(info->rule_name, pde); remove_proc_entry(info->rule_name, pde);
pr_debug("(D) rule deleted: %s.\n", rule->rule_name); pr_debug("(D) rule deleted: %s.\n", rule->rule_name);
if (timer_pending(&rule->timer)) if (timer_pending(&rule->timer))
@@ -582,7 +583,8 @@ static inline void
remove_peer(struct peer *peer) remove_peer(struct peer *peer)
{ {
list_del(&peer->head); list_del(&peer->head);
if (peer) kfree(peer); if (peer != NULL)
kfree(peer);
} }
/** /**
@@ -608,7 +610,7 @@ static inline bool
is_wrong_knock(const struct peer *peer, const struct ipt_pknock *info, is_wrong_knock(const struct peer *peer, const struct ipt_pknock *info,
uint16_t port) uint16_t port)
{ {
return peer && (info->port[peer->id_port_knocked-1] != port); return peer != NULL && info->port[peer->id_port_knocked-1] != port;
} }
/** /**
@@ -619,7 +621,7 @@ is_wrong_knock(const struct peer *peer, const struct ipt_pknock *info,
static inline bool static inline bool
is_last_knock(const struct peer *peer, const struct ipt_pknock *info) is_last_knock(const struct peer *peer, const struct ipt_pknock *info)
{ {
return peer && (peer->id_port_knocked-1 == info->ports_count); return peer != NULL && peer->id_port_knocked - 1 == info->ports_count;
} }
/** /**
@@ -629,7 +631,7 @@ is_last_knock(const struct peer *peer, const struct ipt_pknock *info)
static inline bool static inline bool
is_allowed(const struct peer *peer) is_allowed(const struct peer *peer)
{ {
return peer && (peer->status == ST_ALLOWED); return peer != NULL && peer->status == ST_ALLOWED;
} }
/** /**
@@ -647,7 +649,7 @@ msg_to_userspace_nl(const struct ipt_pknock *info,
struct ipt_pknock_nl_msg msg; struct ipt_pknock_nl_msg msg;
m = kmalloc(sizeof(*m) + sizeof(msg), GFP_ATOMIC); m = kmalloc(sizeof(*m) + sizeof(msg), GFP_ATOMIC);
if (!m) { if (m == NULL) {
printk(KERN_ERR PKNOCK "kmalloc() error in " printk(KERN_ERR PKNOCK "kmalloc() error in "
"msg_to_userspace_nl().\n"); "msg_to_userspace_nl().\n");
return false; return false;
@@ -737,7 +739,7 @@ has_secret(const unsigned char *secret, unsigned int secret_len, uint32_t ipsrc,
sg_set_buf(&sg[1], &epoch_min, sizeof(epoch_min)); sg_set_buf(&sg[1], &epoch_min, sizeof(epoch_min));
ret = crypto_hash_setkey(crypto.tfm, secret, secret_len); ret = crypto_hash_setkey(crypto.tfm, secret, secret_len);
if (ret) { if (ret != 0) {
printk("crypto_hash_setkey() failed ret=%d\n", ret); printk("crypto_hash_setkey() failed ret=%d\n", ret);
ret = 0; ret = 0;
goto out; goto out;
@@ -749,7 +751,7 @@ has_secret(const unsigned char *secret, unsigned int secret_len, uint32_t ipsrc,
* 4 bytes int epoch_min (32 bits) * 4 bytes int epoch_min (32 bits)
*/ */
ret = crypto_hash_digest(&crypto.desc, sg, 8, result); ret = crypto_hash_digest(&crypto.desc, sg, 8, result);
if (ret) { if (ret != 0) {
printk("crypto_hash_digest() failed ret=%d\n", ret); printk("crypto_hash_digest() failed ret=%d\n", ret);
ret = 0; ret = 0;
goto out; goto out;
@@ -1008,7 +1010,7 @@ static bool pknock_mt_check(const struct xt_mtchk_param *par)
struct ipt_pknock *info = par->matchinfo; struct ipt_pknock *info = par->matchinfo;
/* Singleton. */ /* Singleton. */
if (!rule_hashtable) { if (rule_hashtable == NULL) {
rule_hashtable = alloc_hashtable(rule_hashsize); rule_hashtable = alloc_hashtable(rule_hashsize);
if (rule_hashtable == NULL) if (rule_hashtable == NULL)
RETURN_ERR("alloc_hashtable() error in checkentry()\n"); RETURN_ERR("alloc_hashtable() error in checkentry()\n");