diff options
| author | David S. Miller <davem@davemloft.net> | 2016-03-19 21:05:24 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2016-03-19 21:05:24 -0400 |
| commit | c78a85a8430e35aecd53e190a2f6b999062b1037 (patch) | |
| tree | fbd69827579db437492fb77b5faa53814114bed3 /net/netfilter/nft_compat.c | |
| parent | 133800d1f0288b9ddfc0d0aded10d9efa82d5b8c (diff) | |
| parent | de06dbfa7861c9019eedefc0c356ba86e5098f1b (diff) | |
| download | linux-stable-c78a85a8430e35aecd53e190a2f6b999062b1037.tar.gz linux-stable-c78a85a8430e35aecd53e190a2f6b999062b1037.tar.bz2 linux-stable-c78a85a8430e35aecd53e190a2f6b999062b1037.zip | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux
Diffstat (limited to 'net/netfilter/nft_compat.c')
| -rw-r--r-- | net/netfilter/nft_compat.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c index 454841baa4d0..6228c422c766 100644 --- a/net/netfilter/nft_compat.c +++ b/net/netfilter/nft_compat.c @@ -660,6 +660,9 @@ nft_match_select_ops(const struct nft_ctx *ctx, if (IS_ERR(match)) return ERR_PTR(-ENOENT); + if (match->matchsize > nla_len(tb[NFTA_MATCH_INFO])) + return ERR_PTR(-EINVAL); + /* This is the first time we use this match, allocate operations */ nft_match = kzalloc(sizeof(struct nft_xt), GFP_KERNEL); if (nft_match == NULL) @@ -740,6 +743,9 @@ nft_target_select_ops(const struct nft_ctx *ctx, if (IS_ERR(target)) return ERR_PTR(-ENOENT); + if (target->targetsize > nla_len(tb[NFTA_TARGET_INFO])) + return ERR_PTR(-EINVAL); + /* This is the first time we use this target, allocate operations */ nft_target = kzalloc(sizeof(struct nft_xt), GFP_KERNEL); if (nft_target == NULL) |