diff options
author | Laura Garcia Liebana <nevola@gmail.com> | 2016-11-14 22:33:34 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-11-24 14:40:03 +0100 |
commit | abd66e9f3cc50c9c3ba4cf609749374090a2f215 (patch) | |
tree | e9266a52b4af3fda805bbbb04a466fab69f4c8b9 /net | |
parent | 486dcf43da7815baa615822f3e46883ccca5400f (diff) | |
download | op-kernel-dev-abd66e9f3cc50c9c3ba4cf609749374090a2f215.zip op-kernel-dev-abd66e9f3cc50c9c3ba4cf609749374090a2f215.tar.gz |
netfilter: nft_hash: validate maximum value of u32 netlink hash attribute
Use the function nft_parse_u32_check() to fetch the value and validate
the u32 attribute into the hash len u8 field.
This patch revisits 4da449ae1df9 ("netfilter: nft_exthdr: Add size check
on u8 nft_exthdr attributes").
Fixes: cb1b69b0b15b ("netfilter: nf_tables: add hash expression")
Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nft_hash.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c index baf694d..d5447a2 100644 --- a/net/netfilter/nft_hash.c +++ b/net/netfilter/nft_hash.c @@ -53,6 +53,7 @@ static int nft_hash_init(const struct nft_ctx *ctx, { struct nft_hash *priv = nft_expr_priv(expr); u32 len; + int err; if (!tb[NFTA_HASH_SREG] || !tb[NFTA_HASH_DREG] || @@ -67,8 +68,10 @@ static int nft_hash_init(const struct nft_ctx *ctx, priv->sreg = nft_parse_register(tb[NFTA_HASH_SREG]); priv->dreg = nft_parse_register(tb[NFTA_HASH_DREG]); - len = ntohl(nla_get_be32(tb[NFTA_HASH_LEN])); - if (len == 0 || len > U8_MAX) + err = nft_parse_u32_check(tb[NFTA_HASH_LEN], U8_MAX, &len); + if (err < 0) + return err; + if (len == 0) return -ERANGE; priv->len = len; |