netfilter: nf_tables_offload: check for register data length mismatches

Make sure register data length does not mismatch immediate data length,
otherwise hit EOPNOTSUPP.

Fixes: c9626a2cbdb2 ("netfilter: nf_tables: add hardware offload support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c
index 974300178fa9064898d74827a901de2efc81c608..02afa752dd2e626355217d2f31e731ac131a4ce7 100644 (file)
--- a/net/netfilter/nft_bitwise.c
+++ b/net/netfilter/nft_bitwise.c
@@ -134,12 +134,13 @@ static int nft_bitwise_offload(struct nft_offload_ctx *ctx,
                                const struct nft_expr *expr)
 {
        const struct nft_bitwise *priv = nft_expr_priv(expr);
+       struct nft_offload_reg *reg = &ctx->regs[priv->dreg];
 
        if (memcmp(&priv->xor, &zero, sizeof(priv->xor)) ||
-           priv->sreg != priv->dreg)
+           priv->sreg != priv->dreg || priv->len != reg->len)
                return -EOPNOTSUPP;
 
-       memcpy(&ctx->regs[priv->dreg].mask, &priv->mask, sizeof(priv->mask));
+       memcpy(&reg->mask, &priv->mask, sizeof(priv->mask));
 
        return 0;
 }

diff --git a/net/netfilter/nft_cmp.c b/net/netfilter/nft_cmp.c
index bd173b1824c6ed6c28d2fae579a1e3a0a132fe05..0744b2bb46da922b20f1a4798639916cd29f8587 100644 (file)
--- a/net/netfilter/nft_cmp.c
+++ b/net/netfilter/nft_cmp.c
@@ -116,7 +116,7 @@ static int __nft_cmp_offload(struct nft_offload_ctx *ctx,
        u8 *mask = (u8 *)&flow->match.mask;
        u8 *key = (u8 *)&flow->match.key;
 
-       if (priv->op != NFT_CMP_EQ)
+       if (priv->op != NFT_CMP_EQ || reg->len != priv->len)
                return -EOPNOTSUPP;
 
        memcpy(key + reg->offset, &priv->data, priv->len);