netfilter: nf_tables: validate .maxattr at expression registration
struct nft_expr_info allows storing up to NFT_EXPR_MAXATTR (16) attributes when parsing netlink attributes. Raise a warning in case there is ever an nft expression whose .maxattr goes beyond this number of expressions; in such a case, struct nft_expr_info needs to be updated.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent
0617c3de9b
commit
65b3bd600e
1 changed files with 3 additions and 0 deletions
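--- a/<file path not shown on this page>
+++ b/<file path not shown on this page>
@@ -2977,6 +2977,9 @@ static int nf_tables_delchain(struct sk_buff *skb, const struct nfnl_info *info,
 */
 int nft_register_expr(struct nft_expr_type *type)
 {
+if (WARN_ON_ONCE(type->maxattr > NFT_EXPR_MAXATTR))
+return -ENOMEM;
+
 nfnl_lock(NFNL_SUBSYS_NFTABLES);
 if (type->family == NFPROTO_UNSPEC)
 list_add_tail_rcu(&type->list, &nf_tables_expressions);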
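Review bot: The new guard at the top of nft_register_expr() returns `-ENOMEM`, which reads as an allocation failure even though nothing is allocated here; the condition is a mis-declared expression type, so `return -EINVAL;` would be easier to diagnose. Because WARN_ON_ONCE() fires only for the first offender, any later expression type that trips the check fails registration with only that errno to go on. The check is what keeps .maxattr within the attribute storage of struct nft_expr_info described in the commit message, so it deserves a comment at the site, for example `/* struct nft_expr_info holds at most NFT_EXPR_MAXATTR parsed attributes */`. The body of nft_register_expr() continues past the end of the hunk, so whether callers act on the return value cannot be judged from here.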