summaryrefslogtreecommitdiff
path: root/net/netfilter/xt_bpf.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/netfilter/xt_bpf.c')
-rw-r--r--net/netfilter/xt_bpf.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/net/netfilter/xt_bpf.c b/net/netfilter/xt_bpf.c
index fa2ca0a13619..06b090d8e901 100644
--- a/net/netfilter/xt_bpf.c
+++ b/net/netfilter/xt_bpf.c
@@ -27,6 +27,9 @@ static int __bpf_mt_check_bytecode(struct sock_filter *insns, __u16 len,
{
struct sock_fprog_kern program;
+ if (len > XT_BPF_MAX_NUM_INSTR)
+ return -EINVAL;
+
program.len = len;
program.filter = insns;
@@ -52,6 +55,9 @@ static int __bpf_mt_check_fd(int fd, struct bpf_prog **ret)
static int __bpf_mt_check_path(const char *path, struct bpf_prog **ret)
{
+ if (strnlen(path, XT_BPF_PATH_MAX) == XT_BPF_PATH_MAX)
+ return -EINVAL;
+
*ret = bpf_prog_get_type_path(path, BPF_PROG_TYPE_SOCKET_FILTER);
return PTR_ERR_OR_ZERO(*ret);
}
generated by cgit (git 2.34.1) at 2024-06-22 00:27:37 +0000