mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-02 23:27:06 +00:00
netfilter: nf_tables: reject invalid set policy
[ Upstream commit0617c3de9b
] Report -EINVAL in case userspace provides a unsupported set backend policy. Fixes:c50b960ccc
("netfilter: nf_tables: implement proper set selection") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
78e8546646
commit
713a138855
1 changed files with 9 additions and 1 deletions
|
@ -4683,8 +4683,16 @@ static int nf_tables_newset(struct sk_buff *skb, const struct nfnl_info *info,
|
||||||
}
|
}
|
||||||
|
|
||||||
desc.policy = NFT_SET_POL_PERFORMANCE;
|
desc.policy = NFT_SET_POL_PERFORMANCE;
|
||||||
if (nla[NFTA_SET_POLICY] != NULL)
|
if (nla[NFTA_SET_POLICY] != NULL) {
|
||||||
desc.policy = ntohl(nla_get_be32(nla[NFTA_SET_POLICY]));
|
desc.policy = ntohl(nla_get_be32(nla[NFTA_SET_POLICY]));
|
||||||
|
switch (desc.policy) {
|
||||||
|
case NFT_SET_POL_PERFORMANCE:
|
||||||
|
case NFT_SET_POL_MEMORY:
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
return -EOPNOTSUPP;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (nla[NFTA_SET_DESC] != NULL) {
|
if (nla[NFTA_SET_DESC] != NULL) {
|
||||||
err = nf_tables_set_desc_parse(&desc, nla[NFTA_SET_DESC]);
|
err = nf_tables_set_desc_parse(&desc, nla[NFTA_SET_DESC]);
|
||||||
|
|
Loading…
Reference in a new issue