(parent: c4ede3d)
netfilter: nft_meta: fix lack of validation of the input register
author Pablo Neira Ayuso <pablo@netfilter.org> Thu, 9 Jan 2014 19:03:55 +0000 (20:03 +0100)
committer Pablo Neira Ayuso <pablo@netfilter.org> Thu, 9 Jan 2014 19:04:16 +0000 (20:04 +0100)
We have to validate that the input register is in the range of
allowed registers, otherwise we can take an incorrect register
value as input that may lead us to a crash.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_meta.c
diff --git
a/net/netfilter/nft_meta.c
b/net/netfilter/nft_meta.c
index b43975a43309597d23c9a5301b5c9e9fa2dd419f..e8254ad2e5a9f37e84694293c8ba4069b5e5f35e 100644
(file)
--- a/
net/netfilter/nft_meta.c
+++ b/
net/netfilter/nft_meta.c
@@
-239,6
+239,9
@@
static int nft_meta_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
return err;
priv->sreg = ntohl(nla_get_be32(tb[NFTA_META_SREG]));
+ err = nft_validate_input_register(priv->sreg);
+ if (err < 0)
+ return err;
return 0;
}
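Review bot: The tail of nft_meta_init now reads `err = nft_validate_input_register(priv->sreg); if (err < 0) return err; return 0;`, which could collapse to a single `return nft_validate_input_register(priv->sreg);` if the helper only ever returns 0 or a negative errno; if the explicit form is kept to match the earlier `return err;` path, that is fine. The check itself sits in the right place, immediately after `priv->sreg` is filled from the `NFTA_META_SREG` attribute and before init can succeed. The commit message says an incorrect register "may lead us to a crash" without naming the code path that reads `priv->sreg`; adding that would help anyone deciding whether to backport.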