summaryrefslogtreecommitdiff
path: root/net/netfilter/nft_ct.c
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2015-04-11 02:27:30 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2015-04-13 16:25:50 +0200
commitd07db9884a5fba8c8020166c86183c79a18d066a (patch)
tree74579f0a339d2fa8f8586b5971311ba3ba62ecff /net/netfilter/nft_ct.c
parent27e6d2017abdfbdb8b790c34c93d65ee10ce2fc5 (diff)
netfilter: nf_tables: introduce nft_validate_register_load()
Change nft_validate_input_register() to not only validate the input register number, but also the length of the load, and rename it to nft_validate_register_load() to reflect that change. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nft_ct.c')
-rw-r--r--net/netfilter/nft_ct.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
index d85f9ad921f2..6bf6ed710de1 100644
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -324,12 +324,14 @@ static int nft_ct_set_init(const struct nft_ctx *ctx,
const struct nlattr * const tb[])
{
struct nft_ct *priv = nft_expr_priv(expr);
+ unsigned int len;
int err;
priv->key = ntohl(nla_get_be32(tb[NFTA_CT_KEY]));
switch (priv->key) {
#ifdef CONFIG_NF_CONNTRACK_MARK
case NFT_CT_MARK:
+ len = FIELD_SIZEOF(struct nf_conn, mark);
break;
#endif
default:
@@ -337,7 +339,7 @@ static int nft_ct_set_init(const struct nft_ctx *ctx,
}
priv->sreg = ntohl(nla_get_be32(tb[NFTA_CT_SREG]));
- err = nft_validate_input_register(priv->sreg);
+ err = nft_validate_register_load(priv->sreg, len);
if (err < 0)
return err;