netfilter: nf_tables: validate .maxattr at expression registration
struct nft_expr_info allows storing up to NFT_EXPR_MAXATTR (16) attributes when parsing netlink attributes. Raise a warning in case there is ever an nft expression whose .maxattr goes beyond this number of expressions; in such a case, struct nft_expr_info needs to be updated. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent
0617c3de9b
commit
65b3bd600e
|
@ -2977,6 +2977,9 @@ static int nf_tables_delchain(struct sk_buff *skb, const struct nfnl_info *info,
|
|||
*/
|
||||
int nft_register_expr(struct nft_expr_type *type)
|
||||
{
|
||||
if (WARN_ON_ONCE(type->maxattr > NFT_EXPR_MAXATTR))
|
||||
return -ENOMEM;
|
||||
|
||||
nfnl_lock(NFNL_SUBSYS_NFTABLES);
|
||||
if (type->family == NFPROTO_UNSPEC)
|
||||
list_add_tail_rcu(&type->list, &nf_tables_expressions);
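Review bot: The new guard at the top of nft_register_expr() returns `-ENOMEM` although no allocation has failed; the condition is an out-of-range `.maxattr` in the expression type being registered, so `return -EINVAL;` would describe it more accurately. This matters because WARN_ON_ONCE prints only on the first hit, so any later offending registration is rejected with nothing but that errno to explain it. A one-line comment above the check would also help, e.g. `/* attribute storage in struct nft_expr_info is sized by NFT_EXPR_MAXATTR; reject types that would exceed it at parse time */`. That wording is inferred from the commit description, since the struct itself is not in this hunk. The function body continues past the end of the hunk.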
|
||||
|
|