netfilter: xt_owner: bail out with EINVAL in case of unsupported flags

Reject flags that are not supported with EINVAL. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2019-06-07 16:37:30 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2019-06-17 16:36:30 +0200
commit: 9911c1139fd072594ac259c2ce055b004ca92f49 (patch)
tree: 411d03f314f77a5ab2d3ebfa584e200162280534 /net/netfilter/xt_owner.c
parent: 87e389b4c20091b562bd65d90272f9d7c67eb437 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/xt_owner.c b/net/netfilter/xt_owner.c
index a8784502aca6..ee597fdc5db7 100644
--- a/net/netfilter/xt_owner.c
+++ b/net/netfilter/xt_owner.c
@@ -25,6 +25,9 @@ static int owner_check(const struct xt_mtchk_param *par)
 	struct xt_owner_match_info *info = par->matchinfo;
 	struct net *net = par->net;
 
+	if (info->match & ~XT_OWNER_MASK)
+		return -EINVAL;
+
 	/* Only allow the common case where the userns of the writer
 	 * matches the userns of the network namespace.
 	 */
author	Pablo Neira Ayuso <pablo@netfilter.org>	2019-06-07 16:37:30 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-06-17 16:36:30 +0200
commit	9911c1139fd072594ac259c2ce055b004ca92f49 (patch)
tree	411d03f314f77a5ab2d3ebfa584e200162280534 /net/netfilter/xt_owner.c
parent	87e389b4c20091b562bd65d90272f9d7c67eb437 (diff)