netfilter: nf_tables: check for overflow of rule dlen field

author Patrick McHardy <kaber@trash.net>

Tue, 3 Mar 2015 20:04:19 +0000 (20:04 +0000)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Wed, 4 Mar 2015 17:46:05 +0000 (18:46 +0100)
author Patrick McHardy <kaber@trash.net>
Tue, 3 Mar 2015 20:04:19 +0000 (20:04 +0000)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Wed, 4 Mar 2015 17:46:05 +0000 (18:46 +0100)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c

index 6fb532bf0fdb522a609d6b9182593344ec48f0a5..7baafd5ab52093bf2148076cbba320e17f6c7e2a 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1968,6 +1968,10 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb,
                         n++;
                 }
         }
+       /* Check for overflow of dlen field */
+       err = -EFBIG;
+       if (size >= 1 << 12)
+               goto err1;
  
         if (nla[NFTA_RULE_USERDATA])
                 ulen = nla_len(nla[NFTA_RULE_USERDATA]);
author	Patrick McHardy <kaber@trash.net>
	Tue, 3 Mar 2015 20:04:19 +0000 (20:04 +0000)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 4 Mar 2015 17:46:05 +0000 (18:46 +0100)