netfilter: nf_tables: fix a missing check of nla_put_failure

[ Upstream commit eb8950861c1bfd3eecc8f6faad213e3bca0dc395 ] If nla_nest_start() may fail. The fix checks its return value and goes to nla_put_failure if it fails. Signed-off-by: Kangjie Lu <kjlu@umn.edu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Kangjie Lu <kjlu@umn.edu> 2018-12-21 00:46:23 -0600
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-12-05 09:20:59 +0100
commit: d398807976c904be4dfa2e7804d4ab43aa904774 (patch)
tree: 19062bad58a0ae6c77e260c12eeb2edb90554f3c /net/netfilter
parent: a787b7ac3cc79cc8ad02e91385b9c7f5adebd31c (diff)
download: linux-stable-d398807976c904be4dfa2e7804d4ab43aa904774.tar.gz
linux-stable-d398807976c904be4dfa2e7804d4ab43aa904774.tar.bz2
linux-stable-d398807976c904be4dfa2e7804d4ab43aa904774.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 289d079008ee..ec0f8b5bde0a 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -5737,6 +5737,8 @@ static int nf_tables_fill_flowtable_info(struct sk_buff *skb, struct net *net,
 		goto nla_put_failure;
 
 	nest = nla_nest_start(skb, NFTA_FLOWTABLE_HOOK);
+	if (!nest)
+		goto nla_put_failure;
 	if (nla_put_be32(skb, NFTA_FLOWTABLE_HOOK_NUM, htonl(flowtable->hooknum)) ||
 	    nla_put_be32(skb, NFTA_FLOWTABLE_HOOK_PRIORITY, htonl(flowtable->priority)))
 		goto nla_put_failure;
author	Kangjie Lu <kjlu@umn.edu>	2018-12-21 00:46:23 -0600
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2019-12-05 09:20:59 +0100
commit	d398807976c904be4dfa2e7804d4ab43aa904774 (patch)
tree	19062bad58a0ae6c77e260c12eeb2edb90554f3c /net/netfilter
parent	a787b7ac3cc79cc8ad02e91385b9c7f5adebd31c (diff)
download	linux-stable-d398807976c904be4dfa2e7804d4ab43aa904774.tar.gz linux-stable-d398807976c904be4dfa2e7804d4ab43aa904774.tar.bz2 linux-stable-d398807976c904be4dfa2e7804d4ab43aa904774.zip