diff options
| author | Patrick McHardy <kaber@trash.net> | 2015-04-11 02:27:26 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-04-13 16:25:49 +0200 |
| commit | 45d9bcda21f4c13be75e3571b0f0ef39e77934b5 (patch) | |
| tree | 54312412f1a9253360db901877e8b51991777562 /net/netfilter/nft_meta.c | |
| parent | e60a9de49c3744aa44128eaaed3aca965911ca2e (diff) | |
netfilter: nf_tables: validate len in nft_validate_data_load()
For values spanning multiple registers, we need to validate that enough
space is available from the destination register onwards. Add a len
argument to nft_validate_data_load() and consolidate the existing length
validations in preparation of that.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nft_meta.c')
| -rw-r--r-- | net/netfilter/nft_meta.c | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c index d79ce88be77f..d4bdd776dc97 100644 --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c @@ -217,22 +217,23 @@ int nft_meta_get_init(const struct nft_ctx *ctx, const struct nlattr * const tb[]) { struct nft_meta *priv = nft_expr_priv(expr); + unsigned int len; int err; priv->key = ntohl(nla_get_be32(tb[NFTA_META_KEY])); switch (priv->key) { - case NFT_META_LEN: case NFT_META_PROTOCOL: + case NFT_META_IIFTYPE: + case NFT_META_OIFTYPE: + len = sizeof(u16); + break; case NFT_META_NFPROTO: case NFT_META_L4PROTO: + case NFT_META_LEN: case NFT_META_PRIORITY: case NFT_META_MARK: case NFT_META_IIF: case NFT_META_OIF: - case NFT_META_IIFNAME: - case NFT_META_OIFNAME: - case NFT_META_IIFTYPE: - case NFT_META_OIFTYPE: case NFT_META_SKUID: case NFT_META_SKGID: #ifdef CONFIG_IP_ROUTE_CLASSID @@ -246,6 +247,11 @@ int nft_meta_get_init(const struct nft_ctx *ctx, case NFT_META_IIFGROUP: case NFT_META_OIFGROUP: case NFT_META_CGROUP: + len = sizeof(u32); + break; + case NFT_META_IIFNAME: + case NFT_META_OIFNAME: + len = IFNAMSIZ; break; default: return -EOPNOTSUPP; @@ -256,7 +262,8 @@ int nft_meta_get_init(const struct nft_ctx *ctx, if (err < 0) return err; - err = nft_validate_data_load(ctx, priv->dreg, NULL, NFT_DATA_VALUE); + err = nft_validate_data_load(ctx, priv->dreg, NULL, + NFT_DATA_VALUE, len); if (err < 0) return err; |