netfilter: nf_tables: stricter validation of element data
commit 7e6bc1f upstream.

Make sure element data type and length do not mismatch the ones specified
by the set declaration.

Fixes: 7d74026 ("netfilter: nf_tables: variable sized set element keys / data")
Reported-by: Hugues ANGUELKOV <hanguelkov@randorisec.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
ummakynes authored and gregkh committed Jul 12, 2022
1 parent 4a6430b commit 0a5e36d
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion net/netfilter/nf_tables_api.c
Expand Up @@ -4886,13 +4886,20 @@ static int nft_setelem_parse_data(struct nft_ctx *ctx, struct nft_set *set,
struct nft_data *data,
struct nlattr *attr)
{
u32 dtype;
int err;

err = nft_data_init(ctx, data, NFT_DATA_VALUE_MAXLEN, desc, attr);
if (err < 0)
return err;

if (desc->type != NFT_DATA_VERDICT && desc->len != set->dlen) {
if (set->dtype == NFT_DATA_VERDICT)
dtype = NFT_DATA_VERDICT;
else
dtype = NFT_DATA_VALUE;

if (dtype != desc->type ||
set->dlen != desc->len) {
nft_data_release(data, desc->type);
return -EINVAL;
}
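Review bot: the new condition at the end of the hunk is the right fix, since the old `desc->type != NFT_DATA_VERDICT && desc->len != set->dlen` never compared the parsed data type against the set's declared `set->dtype` and skipped the length check entirely for verdict data, so an element whose type or length disagreed with the set declaration could pass validation; a one-line comment above the check stating that both type and length must match the set declaration would help, since the reason is not obvious from the code alone. The `if/else` deriving `dtype` could be a single ternary (`dtype = set->dtype == NFT_DATA_VERDICT ? NFT_DATA_VERDICT : NFT_DATA_VALUE;`), and the error path correctly releases with `desc->type`, the type `nft_data_init()` actually filled in, rather than the expected `dtype`.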
