diff options
author | Patrick McHardy <kaber@trash.net> | 2015-04-11 02:27:30 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-04-13 16:25:50 +0200 |
commit | d07db9884a5fba8c8020166c86183c79a18d066a (patch) | |
tree | 74579f0a339d2fa8f8586b5971311ba3ba62ecff /net/netfilter/nft_meta.c | |
parent | 27e6d2017abdfbdb8b790c34c93d65ee10ce2fc5 (diff) | |
download | linux-d07db9884a5fba8c8020166c86183c79a18d066a.tar.gz linux-d07db9884a5fba8c8020166c86183c79a18d066a.tar.bz2 linux-d07db9884a5fba8c8020166c86183c79a18d066a.zip |
netfilter: nf_tables: introduce nft_validate_register_load()
Change nft_validate_input_register() to not only validate the input
register number, but also the length of the load, and rename it to
nft_validate_register_load() to reflect that change.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nft_meta.c')
-rw-r--r-- | net/netfilter/nft_meta.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c index fbaee1d373bb..0ae6bb732418 100644 --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c @@ -267,20 +267,24 @@ int nft_meta_set_init(const struct nft_ctx *ctx, const struct nlattr * const tb[]) { struct nft_meta *priv = nft_expr_priv(expr); + unsigned int len; int err; priv->key = ntohl(nla_get_be32(tb[NFTA_META_KEY])); switch (priv->key) { case NFT_META_MARK: case NFT_META_PRIORITY: + len = sizeof(u32); + break; case NFT_META_NFTRACE: + len = sizeof(u8); break; default: return -EOPNOTSUPP; } priv->sreg = ntohl(nla_get_be32(tb[NFTA_META_SREG])); - err = nft_validate_input_register(priv->sreg); + err = nft_validate_register_load(priv->sreg, len); if (err < 0) return err; |