author | Laura Garcia Liebana <nevola@gmail.com> | 2016-09-14 15:00:02 +0200 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2017-02-23 03:54:03 +0000 |
commit | 4f00b3d78eaaf05193567df939b19aae3c708976 (patch) | |
tree | 712aa22461bfc2e34e5a0dbe5a1ae33c55f11822 /include | |
parent | aaf2bb422c25859fad0a66fb722bc47866004ab8 (diff) | |

netfilter: nf_tables: validate maximum value of u32 netlink attributes

commit 36b701fae12ac763a568037e4e7c96b5727a8b3e upstream.

Fetch value and validate u32 netlink attribute. This validation is
usually required when the u32 netlink attributes are being stored in a
field whose size is smaller.

This patch revisits 4da449ae1df9 ("netfilter: nft_exthdr: Add size check
on u8 nft_exthdr attributes").

Fixes: 96518518cc41 ("netfilter: add nftables")
Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

Diffstat (limited to 'include')
-rw-r--r-- | include/net/netfilter/nf_tables.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index c4d86198d3d6..62ea594d557e 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h @@ -113,6 +113,7 @@ static inline enum nft_registers nft_type_to_reg(enum nft_data_types type) return type == NFT_DATA_VERDICT ? NFT_REG_VERDICT : NFT_REG_1; } +unsigned int nft_parse_u32_check(const struct nlattr *attr, int max, u32 *dest); int nft_validate_input_register(enum nft_registers reg); int nft_validate_output_register(enum nft_registers reg); int nft_validate_data_load(const struct nft_ctx *ctx, enum nft_registers reg, |
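
Review bot: the added prototype `nft_parse_u32_check()` is declared as returning `unsigned int`, while the `nft_validate_*` helpers declared directly below it return `int`. If the helper signals an out-of-range attribute with a negative errno, an unsigned return type means a caller testing `< 0` never sees the failure, so `int` would be the safer declaration here. The `max` parameter is also a signed `int` although it bounds a u32 value read from the attribute; `u32 max` would avoid a signed/unsigned comparison in the definition, which this include-only view does not show. A short comment above the prototype stating the return convention and whether `*dest` is written on failure would help callers that store the result in a narrower field.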