summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorLaura Garcia Liebana <nevola@gmail.com>2016-11-14 22:33:34 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2016-11-24 14:40:03 +0100
commitabd66e9f3cc50c9c3ba4cf609749374090a2f215 (patch)
treee9266a52b4af3fda805bbbb04a466fab69f4c8b9 /net
parent486dcf43da7815baa615822f3e46883ccca5400f (diff)
downloadop-kernel-dev-abd66e9f3cc50c9c3ba4cf609749374090a2f215.zip
op-kernel-dev-abd66e9f3cc50c9c3ba4cf609749374090a2f215.tar.gz
netfilter: nft_hash: validate maximum value of u32 netlink hash attribute
Use the function nft_parse_u32_check() to fetch the value and validate the u32 attribute into the hash len u8 field. This patch revisits 4da449ae1df9 ("netfilter: nft_exthdr: Add size check on u8 nft_exthdr attributes"). Fixes: cb1b69b0b15b ("netfilter: nf_tables: add hash expression") Signed-off-by: Laura Garcia Liebana <nevola@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r--net/netfilter/nft_hash.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c
index baf694d..d5447a2 100644
--- a/net/netfilter/nft_hash.c
+++ b/net/netfilter/nft_hash.c
@@ -53,6 +53,7 @@ static int nft_hash_init(const struct nft_ctx *ctx,
{
struct nft_hash *priv = nft_expr_priv(expr);
u32 len;
+ int err;
if (!tb[NFTA_HASH_SREG] ||
!tb[NFTA_HASH_DREG] ||
@@ -67,8 +68,10 @@ static int nft_hash_init(const struct nft_ctx *ctx,
priv->sreg = nft_parse_register(tb[NFTA_HASH_SREG]);
priv->dreg = nft_parse_register(tb[NFTA_HASH_DREG]);
- len = ntohl(nla_get_be32(tb[NFTA_HASH_LEN]));
- if (len == 0 || len > U8_MAX)
+ err = nft_parse_u32_check(tb[NFTA_HASH_LEN], U8_MAX, &len);
+ if (err < 0)
+ return err;
+ if (len == 0)
return -ERANGE;
priv->len = len;
OpenPOWER on IntegriCloud