[][kernel][common][hnat][Fix Coverity scan warning]
[Description]
Fix Coverity scan warning.
[Release-log]
N/A
Change-Id: Iafa443df041c656079bb17dc4706159fcc9cdce6
Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/6838293
diff --git a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat.c b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat.c
index b1ecae9..5312a0b 100644
--- a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat.c
+++ b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat.c
@@ -408,7 +408,7 @@
{
u32 foe_table_sz;
u32 foe_mib_tb_sz;
- u32 etry_num_cfg;
+ int etry_num_cfg;
if (ppe_id >= CFG_PPE_NUM)
return -EINVAL;
diff --git a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_debugfs.c b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_debugfs.c
index 32711b3..dd31560 100644
--- a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_debugfs.c
+++ b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_debugfs.c
@@ -43,6 +43,7 @@
static uint8_t *show_cpu_reason(struct sk_buff *skb)
{
static u8 buf[32];
+ int ret;
switch (skb_hnat_reason(skb)) {
case TTL_0:
@@ -91,8 +92,12 @@
return "Pre bind\n";
}
- sprintf(buf, "CPU Reason Error - %X\n", skb_hnat_entry(skb));
- return buf;
+ ret = snprintf(buf, sizeof(buf), "CPU Reason Error - %X\n",
+ skb_hnat_entry(skb));
+ if (ret == strlen(buf))
+ return buf;
+ else
+ return "CPU Reason Error\n";
}
uint32_t foe_dump_pkt(struct sk_buff *skb)
@@ -829,7 +834,8 @@
*packets = cnt_r2 + ((u64)cnt_r3 << 32);
} else {
*bytes = cnt_r0 + ((u64)(cnt_r1 & 0xffff) << 32);
- *packets = ((cnt_r1 & 0xffff0000) >> 16) + ((cnt_r2 & 0xffffff) << 16);
+ *packets = ((cnt_r1 & 0xffff0000) >> 16) +
+ ((u64)(cnt_r2 & 0xffffff) << 16);
}
return 0;
@@ -845,6 +851,9 @@
if (ppe_id >= CFG_PPE_NUM)
return NULL;
+ if (index >= hnat_priv->foe_etry_num)
+ return NULL;
+
if (!hnat_priv->data->per_flow_accounting)
return NULL;
@@ -853,7 +862,7 @@
h->acct[ppe_id][index].bytes += bytes;
h->acct[ppe_id][index].packets += packets;
-
+
if (diff) {
diff->bytes = bytes;
diff->packets = packets;
@@ -2159,6 +2168,15 @@
line[length] = '\0';
+#if defined(CONFIG_MEDIATEK_NETSYS_V3)
+ if (max_rate > 100000000 || max_rate < 0 ||
+ min_rate > 100000000 || min_rate < 0)
+#else
+ if (max_rate > 10000000 || max_rate < 0 ||
+ min_rate > 10000000 || min_rate < 0)
+#endif
+ return -EINVAL;
+
while (max_rate > 127) {
max_rate /= 10;
max_exp++;
@@ -2477,7 +2495,7 @@
static ssize_t hnat_qos_toggle_write(struct file *file, const char __user *buffer,
size_t count, loff_t *data)
{
- char buf[32], tmp[32];
+ char buf[32] = {0}, tmp[32];
int len = count;
char *p_buf = NULL, *p_token = NULL;
@@ -2670,25 +2688,26 @@
buf[len] = '\0';
#if defined(CONFIG_MEDIATEK_NETSYS_V3)
- sscanf(buf, "%d %x %x %x %hx %hx %x %x %x %hx %hx %s %s %x %x %x",
- &hash,
- &entry.ipv4_hnapt.info_blk1,
- &entry.ipv4_hnapt.sip,
- &entry.ipv4_hnapt.dip,
- &entry.ipv4_hnapt.sport,
- &entry.ipv4_hnapt.dport,
- &entry.ipv4_hnapt.info_blk2,
- &entry.ipv4_hnapt.new_sip,
- &entry.ipv4_hnapt.new_dip,
- &entry.ipv4_hnapt.new_sport,
- &entry.ipv4_hnapt.new_dport,
- dmac_str, smac_str, &tport_id, &tops_entry, &cdrt_id);
+ if (sscanf(buf, "%d %x %x %x %hx %hx %x %x %x %hx %hx %s %s %x %x %x",
+ &hash,
+ &entry.ipv4_hnapt.info_blk1,
+ &entry.ipv4_hnapt.sip,
+ &entry.ipv4_hnapt.dip,
+ &entry.ipv4_hnapt.sport,
+ &entry.ipv4_hnapt.dport,
+ &entry.ipv4_hnapt.info_blk2,
+ &entry.ipv4_hnapt.new_sip,
+ &entry.ipv4_hnapt.new_dip,
+ &entry.ipv4_hnapt.new_sport,
+ &entry.ipv4_hnapt.new_dport,
+ dmac_str, smac_str, &tport_id, &tops_entry, &cdrt_id) != 16)
+ return -EFAULT;
entry.ipv4_hnapt.tport_id = tport_id;
entry.ipv4_hnapt.tops_entry = tops_entry;
entry.ipv4_hnapt.cdrt_id = cdrt_id;
- if ((hash > 8192) || (hash < -1) || (hash % 4 != 0) ||
+ if ((hash >= hnat_priv->foe_etry_num) || (hash < -1) ||
(tport_id > 16) || (tport_id < 0) ||
(tops_entry > 64) || (tops_entry < 0) ||
(cdrt_id > 255) || (cdrt_id < 0) ||
@@ -2701,24 +2720,25 @@
(entry.ipv4_hnapt.new_dport > 65535) ||
(entry.ipv4_hnapt.new_dport < 0)) {
hnat_static_entry_help();
- return -EINVAL;
+ return -EFAULT;
}
#else
- sscanf(buf, "%d %x %x %x %hx %hx %x %x %x %hx %hx %s %s",
- &hash,
- &entry.ipv4_hnapt.info_blk1,
- &entry.ipv4_hnapt.sip,
- &entry.ipv4_hnapt.dip,
- &entry.ipv4_hnapt.sport,
- &entry.ipv4_hnapt.dport,
- &entry.ipv4_hnapt.info_blk2,
- &entry.ipv4_hnapt.new_sip,
- &entry.ipv4_hnapt.new_dip,
- &entry.ipv4_hnapt.new_sport,
- &entry.ipv4_hnapt.new_dport,
- dmac_str, smac_str);
+ if (sscanf(buf, "%d %x %x %x %hx %hx %x %x %x %hx %hx %s %s",
+ &hash,
+ &entry.ipv4_hnapt.info_blk1,
+ &entry.ipv4_hnapt.sip,
+ &entry.ipv4_hnapt.dip,
+ &entry.ipv4_hnapt.sport,
+ &entry.ipv4_hnapt.dport,
+ &entry.ipv4_hnapt.info_blk2,
+ &entry.ipv4_hnapt.new_sip,
+ &entry.ipv4_hnapt.new_dip,
+ &entry.ipv4_hnapt.new_sport,
+ &entry.ipv4_hnapt.new_dport,
+ dmac_str, smac_str) != 13)
+ return -EFAULT;
- if ((hash > 8192) || (hash < -1) || (hash % 4 != 0) ||
+ if ((hash >= hnat_priv->foe_etry_num) || (hash < -1) ||
(entry.ipv4_hnapt.sport > 65535) ||
(entry.ipv4_hnapt.sport < 0) ||
(entry.ipv4_hnapt.dport > 65535) ||
@@ -2728,7 +2748,7 @@
(entry.ipv4_hnapt.new_dport > 65535) ||
(entry.ipv4_hnapt.new_dport < 0)) {
hnat_static_entry_help();
- return -EINVAL;
+ return -EFAULT;
}
#endif
@@ -2884,7 +2904,11 @@
h->regset[i]->nregs = ARRAY_SIZE(hnat_regs);
h->regset[i]->base = h->ppe_base[i];
- snprintf(name, sizeof(name), "regdump%ld", i);
+ ret = snprintf(name, sizeof(name), "regdump%ld", i);
+ if (ret != strlen(name)) {
+ ret = -ENOMEM;
+ goto err1;
+ }
file = debugfs_create_regset32(name, 0444,
root, h->regset[i]);
if (!file) {
@@ -2921,13 +2945,21 @@
&hnat_static_fops);
for (i = 0; i < hnat_priv->data->num_of_sch; i++) {
- snprintf(name, sizeof(name), "qdma_sch%ld", i);
+ ret = snprintf(name, sizeof(name), "qdma_sch%ld", i);
+ if (ret != strlen(name)) {
+ ret = -ENOMEM;
+ goto err1;
+ }
debugfs_create_file(name, 0444, root, (void *)i,
&hnat_sched_fops);
}
for (i = 0; i < MTK_QDMA_TX_NUM; i++) {
- snprintf(name, sizeof(name), "qdma_txq%ld", i);
+ ret = snprintf(name, sizeof(name), "qdma_txq%ld", i);
+ if (ret != strlen(name)) {
+ ret = -ENOMEM;
+ goto err1;
+ }
debugfs_create_file(name, 0444, root, (void *)i,
&hnat_queue_fops);
}
diff --git a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_mcast.c b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_mcast.c
index 512c845..210b191 100644
--- a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_mcast.c
+++ b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_mcast.c
@@ -297,11 +297,11 @@
INIT_WORK(&pmcast->work, hnat_mcast_nlmsg_handler);
pmcast->queue = create_singlethread_workqueue("ppe_mcast");
if (!pmcast->queue)
- goto err;
+ goto err1;
pmcast->msock = hnat_mcast_netlink_open(&init_net);
if (!pmcast->msock)
- goto err;
+ goto err2;
hnat_priv->pmcast = pmcast;
@@ -325,11 +325,10 @@
cr_set_field(hnat_priv->ppe_base[ppe_id] + PPE_MCAST_PPSE, MC_P3_PPSE, 5);
return 0;
-err:
+err2:
if (pmcast->queue)
destroy_workqueue(pmcast->queue);
- if (pmcast->msock)
- sock_release(pmcast->msock);
+err1:
kfree(pmcast);
return -1;
diff --git a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c
index ddc8bb5..24350c9 100644
--- a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c
+++ b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c
@@ -421,6 +421,10 @@
trace_printk("%s: vlan_prot=0x%x, vlan_tci=%x\n", __func__,
ntohs(skb->vlan_proto), skb->vlan_tci);
+ if (skb_hnat_entry(skb) >= hnat_priv->foe_etry_num ||
+ skb_hnat_ppe(skb) >= CFG_PPE_NUM)
+ return -1;
+
dev = get_dev_from_index(skb->vlan_tci & VLAN_VID_MASK);
if (dev) {
@@ -479,6 +483,10 @@
struct foe_entry *entry;
struct net_device *dev;
+ if (skb_hnat_entry(skb) >= hnat_priv->foe_etry_num ||
+ skb_hnat_ppe(skb) >= CFG_PPE_NUM)
+ return -1;
+
entry = &hnat_priv->foe_table_cpu[skb_hnat_ppe(skb)][skb_hnat_entry(skb)];
if (IS_IPV4_GRP(entry))
@@ -730,6 +738,9 @@
mtk_hnat_ipv6_nf_pre_routing(void *priv, struct sk_buff *skb,
const struct nf_hook_state *state)
{
+ if (!skb)
+ goto drop;
+
if (!is_ppe_support_type(skb)) {
hnat_set_head_frags(state, skb, 1, hnat_set_alg);
return NF_ACCEPT;
@@ -743,8 +754,6 @@
if (do_ext2ge_fast_try(state->in, skb)) {
if (!do_hnat_ext_to_ge(skb, state->in, __func__))
return NF_STOLEN;
- if (!skb)
- goto drop;
return NF_ACCEPT;
}
@@ -772,12 +781,14 @@
#endif
return NF_ACCEPT;
drop:
- printk_ratelimited(KERN_WARNING
- "%s:drop (in_dev=%s, iif=0x%x, CB2=0x%x, ppe_hash=0x%x, sport=0x%x, reason=0x%x, alg=0x%x)\n",
- __func__, state->in->name, skb_hnat_iface(skb),
- HNAT_SKB_CB2(skb)->magic, skb_hnat_entry(skb),
- skb_hnat_sport(skb), skb_hnat_reason(skb),
- skb_hnat_alg(skb));
+ if (skb)
+ printk_ratelimited(KERN_WARNING
+ "%s:drop (in_dev=%s, iif=0x%x, CB2=0x%x, ppe_hash=0x%x,\n"
+ "sport=0x%x, reason=0x%x, alg=0x%x)\n",
+ __func__, state->in->name, skb_hnat_iface(skb),
+ HNAT_SKB_CB2(skb)->magic, skb_hnat_entry(skb),
+ skb_hnat_sport(skb), skb_hnat_reason(skb),
+ skb_hnat_alg(skb));
return NF_DROP;
}
@@ -786,6 +797,9 @@
mtk_hnat_ipv4_nf_pre_routing(void *priv, struct sk_buff *skb,
const struct nf_hook_state *state)
{
+ if (!skb)
+ goto drop;
+
if (!is_ppe_support_type(skb)) {
hnat_set_head_frags(state, skb, 1, hnat_set_alg);
return NF_ACCEPT;
@@ -799,8 +813,6 @@
if (do_ext2ge_fast_try(state->in, skb)) {
if (!do_hnat_ext_to_ge(skb, state->in, __func__))
return NF_STOLEN;
- if (!skb)
- goto drop;
return NF_ACCEPT;
}
@@ -815,12 +827,14 @@
return NF_ACCEPT;
drop:
- printk_ratelimited(KERN_WARNING
- "%s:drop (in_dev=%s, iif=0x%x, CB2=0x%x, ppe_hash=0x%x, sport=0x%x, reason=0x%x, alg=0x%x)\n",
- __func__, state->in->name, skb_hnat_iface(skb),
- HNAT_SKB_CB2(skb)->magic, skb_hnat_entry(skb),
- skb_hnat_sport(skb), skb_hnat_reason(skb),
- skb_hnat_alg(skb));
+ if (skb)
+ printk_ratelimited(KERN_WARNING
+ "%s:drop (in_dev=%s, iif=0x%x, CB2=0x%x, ppe_hash=0x%x,\n"
+ "sport=0x%x, reason=0x%x, alg=0x%x)\n",
+ __func__, state->in->name, skb_hnat_iface(skb),
+ HNAT_SKB_CB2(skb)->magic, skb_hnat_entry(skb),
+ skb_hnat_sport(skb), skb_hnat_reason(skb),
+ skb_hnat_alg(skb));
return NF_DROP;
}
@@ -831,6 +845,9 @@
{
struct vlan_ethhdr *veth;
+ if (!skb)
+ goto drop;
+
if (IS_HQOS_MODE && hnat_priv->data->whnat) {
veth = (struct vlan_ethhdr *)skb_mac_header(skb);
@@ -863,8 +880,6 @@
if (!do_hnat_ext_to_ge(skb, state->in, __func__))
return NF_STOLEN;
- if (!skb)
- goto drop;
return NF_ACCEPT;
}
@@ -899,12 +914,14 @@
#endif
return NF_ACCEPT;
drop:
- printk_ratelimited(KERN_WARNING
- "%s:drop (in_dev=%s, iif=0x%x, CB2=0x%x, ppe_hash=0x%x, sport=0x%x, reason=0x%x, alg=0x%x)\n",
- __func__, state->in->name, skb_hnat_iface(skb),
- HNAT_SKB_CB2(skb)->magic, skb_hnat_entry(skb),
- skb_hnat_sport(skb), skb_hnat_reason(skb),
- skb_hnat_alg(skb));
+ if (skb)
+ printk_ratelimited(KERN_WARNING
+ "%s:drop (in_dev=%s, iif=0x%x, CB2=0x%x, ppe_hash=0x%x,\n"
+ "sport=0x%x, reason=0x%x, alg=0x%x)\n",
+ __func__, state->in->name, skb_hnat_iface(skb),
+ HNAT_SKB_CB2(skb)->magic, skb_hnat_entry(skb),
+ skb_hnat_sport(skb), skb_hnat_reason(skb),
+ skb_hnat_alg(skb));
return NF_DROP;
}
@@ -1686,7 +1703,9 @@
wmb();
memcpy(foe, &entry, sizeof(entry));
/*reset statistic for this entry*/
- if (hnat_priv->data->per_flow_accounting)
+ if (hnat_priv->data->per_flow_accounting &&
+ skb_hnat_entry(skb) < hnat_priv->foe_etry_num &&
+ skb_hnat_ppe(skb) < CFG_PPE_NUM)
memset(&hnat_priv->acct[skb_hnat_ppe(skb)][skb_hnat_entry(skb)],
0, sizeof(struct mib_entry));
@@ -2105,6 +2124,10 @@
trace_printk("[%s] case hit, %x-->%s, reason=%x\n", __func__,
skb_hnat_iface(skb), out->name, skb_hnat_reason(skb));
+ if (skb_hnat_entry(skb) >= hnat_priv->foe_etry_num ||
+ skb_hnat_ppe(skb) >= CFG_PPE_NUM)
+ return -1;
+
entry = &hnat_priv->foe_table_cpu[skb_hnat_ppe(skb)][skb_hnat_entry(skb)];
switch (skb_hnat_reason(skb)) {
@@ -2168,6 +2191,10 @@
if (unlikely(!skb_hnat_is_hashed(skb)))
return NF_ACCEPT;
+ if (skb_hnat_entry(skb) >= hnat_priv->foe_etry_num ||
+ skb_hnat_ppe(skb) >= CFG_PPE_NUM)
+ return NF_ACCEPT;
+
entry = &hnat_priv->foe_table_cpu[skb_hnat_ppe(skb)][skb_hnat_entry(skb)];
if (skb_hnat_reason(skb) == HIT_UNBIND_RATE_REACH) {
ip6h = ipv6_hdr(skb);
@@ -2223,17 +2250,24 @@
mtk_hnat_ipv6_nf_post_routing(void *priv, struct sk_buff *skb,
const struct nf_hook_state *state)
{
+ if (!skb)
+ goto drop;
+
post_routing_print(skb, state->in, state->out, __func__);
if (!mtk_hnat_nf_post_routing(skb, state->out, hnat_ipv6_get_nexthop,
__func__))
return NF_ACCEPT;
- trace_printk(
- "%s:drop (iif=0x%x, out_dev=%s, CB2=0x%x, ppe_hash=0x%x, sport=0x%x, reason=0x%x, alg=0x%x)\n",
- __func__, skb_hnat_iface(skb), state->out->name, HNAT_SKB_CB2(skb)->magic,
- skb_hnat_entry(skb), skb_hnat_sport(skb), skb_hnat_reason(skb),
- skb_hnat_alg(skb));
+drop:
+ if (skb)
+ trace_printk(
+ "%s:drop (iif=0x%x, out_dev=%s, CB2=0x%x, ppe_hash=0x%x,\n"
+ "sport=0x%x, reason=0x%x, alg=0x%x)\n",
+ __func__, skb_hnat_iface(skb), state->out->name,
+ HNAT_SKB_CB2(skb)->magic, skb_hnat_entry(skb),
+ skb_hnat_sport(skb), skb_hnat_reason(skb),
+ skb_hnat_alg(skb));
return NF_DROP;
}
@@ -2242,17 +2276,24 @@
mtk_hnat_ipv4_nf_post_routing(void *priv, struct sk_buff *skb,
const struct nf_hook_state *state)
{
+ if (!skb)
+ goto drop;
+
post_routing_print(skb, state->in, state->out, __func__);
if (!mtk_hnat_nf_post_routing(skb, state->out, hnat_ipv4_get_nexthop,
__func__))
return NF_ACCEPT;
- trace_printk(
- "%s:drop (iif=0x%x, out_dev=%s, CB2=0x%x, ppe_hash=0x%x, sport=0x%x, reason=0x%x, alg=0x%x)\n",
- __func__, skb_hnat_iface(skb), state->out->name, HNAT_SKB_CB2(skb)->magic,
- skb_hnat_entry(skb), skb_hnat_sport(skb), skb_hnat_reason(skb),
- skb_hnat_alg(skb));
+drop:
+ if (skb)
+ trace_printk(
+ "%s:drop (iif=0x%x, out_dev=%s, CB2=0x%x, ppe_hash=0x%x,\n"
+ "sport=0x%x, reason=0x%x, alg=0x%x)\n",
+ __func__, skb_hnat_iface(skb), state->out->name,
+ HNAT_SKB_CB2(skb)->magic, skb_hnat_entry(skb),
+ skb_hnat_sport(skb), skb_hnat_reason(skb),
+ skb_hnat_alg(skb));
return NF_DROP;
}
@@ -2287,13 +2328,16 @@
}
return NF_ACCEPT;
+
drop:
- printk_ratelimited(KERN_WARNING
- "%s:drop (in_dev=%s, iif=0x%x, CB2=0x%x, ppe_hash=0x%x, sport=0x%x, reason=0x%x, alg=0x%x)\n",
- __func__, state->in->name, skb_hnat_iface(skb),
- HNAT_SKB_CB2(skb)->magic, skb_hnat_entry(skb),
- skb_hnat_sport(skb), skb_hnat_reason(skb),
- skb_hnat_alg(skb));
+ if (skb)
+ printk_ratelimited(KERN_WARNING
+ "%s:drop (in_dev=%s, iif=0x%x, CB2=0x%x, ppe_hash=0x%x,\n"
+ "sport=0x%x, reason=0x%x, alg=0x%x)\n",
+ __func__, state->in->name, skb_hnat_iface(skb),
+ HNAT_SKB_CB2(skb)->magic, skb_hnat_entry(skb),
+ skb_hnat_sport(skb), skb_hnat_reason(skb),
+ skb_hnat_alg(skb));
return NF_DROP;
}
@@ -2302,16 +2346,23 @@
mtk_hnat_br_nf_local_out(void *priv, struct sk_buff *skb,
const struct nf_hook_state *state)
{
+ if (!skb)
+ goto drop;
+
post_routing_print(skb, state->in, state->out, __func__);
if (!mtk_hnat_nf_post_routing(skb, state->out, 0, __func__))
return NF_ACCEPT;
- trace_printk(
- "%s:drop (iif=0x%x, out_dev=%s, CB2=0x%x, ppe_hash=0x%x, sport=0x%x, reason=0x%x, alg=0x%x)\n",
- __func__, skb_hnat_iface(skb), state->out->name, HNAT_SKB_CB2(skb)->magic,
- skb_hnat_entry(skb), skb_hnat_sport(skb), skb_hnat_reason(skb),
- skb_hnat_alg(skb));
+drop:
+ if (skb)
+ trace_printk(
+ "%s:drop (iif=0x%x, out_dev=%s, CB2=0x%x, ppe_hash=0x%x,\n"
+ "sport=0x%x, reason=0x%x, alg=0x%x)\n",
+ __func__, skb_hnat_iface(skb), state->out->name,
+ HNAT_SKB_CB2(skb)->magic, skb_hnat_entry(skb),
+ skb_hnat_sport(skb), skb_hnat_reason(skb),
+ skb_hnat_alg(skb));
return NF_DROP;
}
@@ -2327,6 +2378,10 @@
if (!skb_hnat_is_hashed(skb))
return NF_ACCEPT;
+ if (skb_hnat_entry(skb) >= hnat_priv->foe_etry_num ||
+ skb_hnat_ppe(skb) >= CFG_PPE_NUM)
+ return NF_ACCEPT;
+
entry = &hnat_priv->foe_table_cpu[skb_hnat_ppe(skb)][skb_hnat_entry(skb)];
if (unlikely(skb_headroom(skb) < FOE_INFO_LEN)) {