lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sat, 25 Apr 2015 10:27:00 +0100
From:	Ian Morris <ipm@...rality.org.uk>
To:	netdev@...r.kernel.org
Cc:	Ian Morris <ipm@...rality.org.uk>
Subject: [PATCH net-next 6/6] ipv6: netfilter: simply if-else statements

Remove "else" branch of "if" statements where a return is always done
when the condition is true.

No changes detected by objdiff.

Signed-off-by: Ian Morris <ipm@...rality.org.uk>
---
 net/ipv6/netfilter/ip6_tables.c                |   7 +-
 net/ipv6/netfilter/ip6t_hbh.c                  | 105 ++++++++++++-------------
 net/ipv6/netfilter/ip6t_rt.c                   | 100 +++++++++++------------
 net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c |   5 +-
 4 files changed, 105 insertions(+), 112 deletions(-)

diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index ed3612d..ad02f10 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -268,8 +268,8 @@ get_chainname_rulenum(const struct ip6t_entry *s, const struct ip6t_entry *e,
 				: comments[NF_IP6_TRACE_COMMENT_RETURN];
 		}
 		return 1;
-	} else
-		(*rulenum)++;
+	}
+	(*rulenum)++;
 
 	return 0;
 }
@@ -446,7 +446,8 @@ ip6t_do_table(struct sk_buff *skb,
 #else
 	if (acpar.hotdrop)
 		return NF_DROP;
-	else return verdict;
+
+	return verdict;
 #endif
 }
 
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c
index a99313f..98304ba 100644
--- a/net/ipv6/netfilter/ip6t_hbh.c
+++ b/net/ipv6/netfilter/ip6t_hbh.c
@@ -95,70 +95,67 @@ hbh_mt6(const struct sk_buff *skb, struct xt_action_param *par)
 
 	ptr += 2;
 	hdrlen -= 2;
-	if (!(optinfo->flags & IP6T_OPTS_OPTS)) {
+	if (!(optinfo->flags & IP6T_OPTS_OPTS))
 		return ret;
-	} else {
-		pr_debug("Strict ");
-		pr_debug("#%d ", optinfo->optsnr);
-		for (temp = 0; temp < optinfo->optsnr; temp++) {
-			/* type field exists ? */
-			if (hdrlen < 1)
+
+	pr_debug("Strict ");
+	pr_debug("#%d ", optinfo->optsnr);
+	for (temp = 0; temp < optinfo->optsnr; temp++) {
+		/* type field exists ? */
+		if (hdrlen < 1)
+			break;
+		tp = skb_header_pointer(skb, ptr, sizeof(_opttype),
+					&_opttype);
+		if (!tp)
+			break;
+
+		/* Type check */
+		if (*tp != (optinfo->opts[temp] & 0xFF00) >> 8) {
+			pr_debug("Tbad %02X %02X\n", *tp,
+				 (optinfo->opts[temp] & 0xFF00) >> 8);
+			return false;
+		}
+		pr_debug("Tok ");
+
+		/* Length check */
+		if (*tp) {
+			u16 spec_len;
+
+			/* length field exists ? */
+			if (hdrlen < 2)
 				break;
-			tp = skb_header_pointer(skb, ptr, sizeof(_opttype),
-						&_opttype);
-			if (!tp)
+			lp = skb_header_pointer(skb, ptr + 1,
+						sizeof(_optlen),
+						&_optlen);
+			if (!lp)
 				break;
+			spec_len = optinfo->opts[temp] & 0x00FF;
 
-			/* Type check */
-			if (*tp != (optinfo->opts[temp] & 0xFF00) >> 8) {
-				pr_debug("Tbad %02X %02X\n", *tp,
-					 (optinfo->opts[temp] & 0xFF00) >> 8);
+			if (spec_len != 0x00FF && spec_len != *lp) {
+				pr_debug("Lbad %02X %04X\n", *lp,
+					 spec_len);
 				return false;
-			} else {
-				pr_debug("Tok ");
-			}
-			/* Length check */
-			if (*tp) {
-				u16 spec_len;
-
-				/* length field exists ? */
-				if (hdrlen < 2)
-					break;
-				lp = skb_header_pointer(skb, ptr + 1,
-							sizeof(_optlen),
-							&_optlen);
-				if (!lp)
-					break;
-				spec_len = optinfo->opts[temp] & 0x00FF;
-
-				if (spec_len != 0x00FF && spec_len != *lp) {
-					pr_debug("Lbad %02X %04X\n", *lp,
-						 spec_len);
-					return false;
-				}
-				pr_debug("Lok ");
-				optlen = *lp + 2;
-			} else {
-				pr_debug("Pad1\n");
-				optlen = 1;
 			}
+			pr_debug("Lok ");
+			optlen = *lp + 2;
+		} else {
+			pr_debug("Pad1\n");
+			optlen = 1;
+		}
 
-			/* Step to the next */
-			pr_debug("len%04X\n", optlen);
+		/* Step to the next */
+		pr_debug("len%04X\n", optlen);
 
-			if ((ptr > skb->len - optlen || hdrlen < optlen) &&
-			    temp < optinfo->optsnr - 1) {
-				pr_debug("new pointer is too large!\n");
-				break;
-			}
-			ptr += optlen;
-			hdrlen -= optlen;
+		if ((ptr > skb->len - optlen || hdrlen < optlen) &&
+		    temp < optinfo->optsnr - 1) {
+			pr_debug("new pointer is too large!\n");
+			break;
 		}
-		if (temp == optinfo->optsnr)
-			return ret;
-		else
-			return false;
+		ptr += optlen;
+		hdrlen -= optlen;
 	}
+	if (temp == optinfo->optsnr)
+		return ret;
 
 	return false;
 }
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c
index bdab49e..f2668e2 100644
--- a/net/ipv6/netfilter/ip6t_rt.c
+++ b/net/ipv6/netfilter/ip6t_rt.c
@@ -119,66 +119,62 @@ static bool rt_mt6(const struct sk_buff *skb, struct xt_action_param *par)
 	if (!(rtinfo->flags & IP6T_RT_FST)) {
 		return ret;
 	} else if (rtinfo->flags & IP6T_RT_FST_NSTRICT) {
+		unsigned int i = 0;
+
 		pr_debug("Not strict ");
 		if (rtinfo->addrnr > (unsigned int)((hdrlen - 8) / 16)) {
 			pr_debug("There isn't enough space\n");
 			return false;
-		} else {
-			unsigned int i = 0;
-
-			pr_debug("#%d ", rtinfo->addrnr);
-			for (temp = 0;
-			     temp < (unsigned int)((hdrlen - 8) / 16);
-			     temp++) {
-				ap = skb_header_pointer(skb,
-							ptr
-							+ sizeof(struct rt0_hdr)
-							+ temp * sizeof(_addr),
-							sizeof(_addr),
-							&_addr);
-
-				BUG_ON(!ap);
-
-				if (ipv6_addr_equal(ap, &rtinfo->addrs[i])) {
-					pr_debug("i=%d temp=%d;\n", i, temp);
-					i++;
-				}
-				if (i == rtinfo->addrnr)
-					break;
-			}
-			pr_debug("i=%d #%d\n", i, rtinfo->addrnr);
-			if (i == rtinfo->addrnr)
-				return ret;
-			else
-				return false;
 		}
-	} else {
-		pr_debug("Strict ");
-		if (rtinfo->addrnr > (unsigned int)((hdrlen - 8) / 16)) {
-			pr_debug("There isn't enough space\n");
-			return false;
-		} else {
-			pr_debug("#%d ", rtinfo->addrnr);
-			for (temp = 0; temp < rtinfo->addrnr; temp++) {
-				ap = skb_header_pointer(skb,
-							ptr
-							+ sizeof(struct rt0_hdr)
-							+ temp * sizeof(_addr),
-							sizeof(_addr),
-							&_addr);
-				BUG_ON(!ap);
-
-				if (!ipv6_addr_equal(ap, &rtinfo->addrs[temp]))
-					break;
+
+		pr_debug("#%d ", rtinfo->addrnr);
+		for (temp = 0;
+		     temp < (unsigned int)((hdrlen - 8) / 16);
+		     temp++) {
+			ap = skb_header_pointer(skb,
+						ptr
+						+ sizeof(struct rt0_hdr)
+						+ temp * sizeof(_addr),
+						sizeof(_addr),
+						&_addr);
+
+			BUG_ON(!ap);
+
+			if (ipv6_addr_equal(ap, &rtinfo->addrs[i])) {
+				pr_debug("i=%d temp=%d;\n", i, temp);
+				i++;
 			}
-			pr_debug("temp=%d #%d\n", temp, rtinfo->addrnr);
-			if (temp == rtinfo->addrnr &&
-			    temp == (unsigned int)((hdrlen - 8) / 16))
-				return ret;
-			else
-				return false;
+			if (i == rtinfo->addrnr)
+				break;
 		}
+		pr_debug("i=%d #%d\n", i, rtinfo->addrnr);
+		if (i == rtinfo->addrnr)
+			return ret;
+
+		return false;
+	}
+	pr_debug("Strict ");
+	if (rtinfo->addrnr > (unsigned int)((hdrlen - 8) / 16)) {
+		pr_debug("There isn't enough space\n");
+		return false;
 	}
+	pr_debug("#%d ", rtinfo->addrnr);
+	for (temp = 0; temp < rtinfo->addrnr; temp++) {
+		ap = skb_header_pointer(skb,
+					ptr
+					+ sizeof(struct rt0_hdr)
+					+ temp * sizeof(_addr),
+					sizeof(_addr),
+					&_addr);
+		BUG_ON(!ap);
+
+		if (!ipv6_addr_equal(ap, &rtinfo->addrs[temp]))
+			break;
+	}
+	pr_debug("temp=%d #%d\n", temp, rtinfo->addrnr);
+	if (temp == rtinfo->addrnr &&
+	    temp == (unsigned int)((hdrlen - 8) / 16))
+		return ret;
 
 	return false;
 }
diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
index b6cd77b..10030ad 100644
--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
@@ -181,10 +181,9 @@ icmpv6_error_message(struct net *net, struct nf_conn *tmpl,
 	if (!h) {
 		pr_debug("icmpv6_error: no match\n");
 		return -NF_ACCEPT;
-	} else {
-		if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY)
-			*ctinfo += IP_CT_IS_REPLY;
 	}
+	if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY)
+		*ctinfo += IP_CT_IS_REPLY;
 
 	/* Update skb to refer to this connection */
 	skb->nfct = &nf_ct_tuplehash_to_ctrack(h)->ct_general;
-- 
1.9.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists