netfilter: nf_log: validate nf_logger_find_get()

Sanitize nf_logger_find_get() input parameters, no caller in the tree passes invalid values. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Florian Westphal <fw@strlen.de>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2024-01-29 20:24:25 +0100
committer: Florian Westphal <fw@strlen.de> 2024-02-21 11:57:11 +0100
commit: c47ec2b120b4a9d573e65baa33ff3f542f7ba273 (patch)
tree: 5ca73a97f40b3e448f04fd5c8dd50699daf85521 /net/netfilter
parent: 79578be4d35c842a802487e2f31c2aed80cc005f (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index e0bfeb75766f..370f8231385c 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -156,6 +156,11 @@ int nf_logger_find_get(int pf, enum nf_log_type type)
 	struct nf_logger *logger;
 	int ret = -ENOENT;
 
+	if (pf >= ARRAY_SIZE(loggers))
+		return -EINVAL;
+	if (type >= NF_LOG_TYPE_MAX)
+		return -EINVAL;
+
 	if (pf == NFPROTO_INET) {
 		ret = nf_logger_find_get(NFPROTO_IPV4, type);
 		if (ret < 0)
author	Pablo Neira Ayuso <pablo@netfilter.org>	2024-01-29 20:24:25 +0100
committer	Florian Westphal <fw@strlen.de>	2024-02-21 11:57:11 +0100
commit	c47ec2b120b4a9d573e65baa33ff3f542f7ba273 (patch)
tree	5ca73a97f40b3e448f04fd5c8dd50699daf85521 /net/netfilter
parent	79578be4d35c842a802487e2f31c2aed80cc005f (diff)