From 7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6 Mon Sep 17 00:00:00 2001
|
|
From: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Date: Sat, 2 Jul 2022 04:16:30 +0200
|
|
Subject: netfilter: nf_tables: stricter validation of element data
|
|
|
|
From: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
commit 7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6 upstream.
|
|
|
|
Make sure element data type and length do not mismatch the one specified
|
|
by the set declaration.
|
|
|
|
Fixes: 7d7402642eaf ("netfilter: nf_tables: variable sized set element keys / data")
|
|
Reported-by: Hugues ANGUELKOV <hanguelkov@randorisec.fr>
|
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
---
|
|
net/netfilter/nf_tables_api.c | 9 ++++++++-
|
|
1 file changed, 8 insertions(+), 1 deletion(-)
|
|
|
|
--- a/net/netfilter/nf_tables_api.c
|
|
+++ b/net/netfilter/nf_tables_api.c
|
|
@@ -5118,13 +5118,20 @@ static int nft_setelem_parse_data(struct
|
|
struct nft_data *data,
|
|
struct nlattr *attr)
|
|
{
|
|
+ u32 dtype;
|
|
int err;
|
|
|
|
err = nft_data_init(ctx, data, NFT_DATA_VALUE_MAXLEN, desc, attr);
|
|
if (err < 0)
|
|
return err;
|
|
|
|
- if (desc->type != NFT_DATA_VERDICT && desc->len != set->dlen) {
|
|
+ if (set->dtype == NFT_DATA_VERDICT)
|
|
+ dtype = NFT_DATA_VERDICT;
|
|
+ else
|
|
+ dtype = NFT_DATA_VALUE;
|
|
+
|
|
+ if (dtype != desc->type ||
|
|
+ set->dlen != desc->len) {
|
|
nft_data_release(data, desc->type);
|
|
return -EINVAL;
|
|
}
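Review bot: The new `set->dtype` to `dtype` normalisation at the top of the hunk has no comment, and it is not obvious why every non-verdict set type collapses to `NFT_DATA_VALUE`: `set->dtype` carries the type id declared by userspace at set creation, whereas `desc->type` as filled in by `nft_data_init()` only distinguishes a value from a verdict, so the two cannot be compared directly. I would add `/* set->dtype is the userspace datatype id; nft_data_init() only reports VALUE or VERDICT, so normalise before comparing. */` above the `if (set->dtype == NFT_DATA_VERDICT)` line. The length comparison `set->dlen != desc->len` now also covers verdict sets, which presumably relies on `set->dlen` having been fixed to `sizeof(struct nft_verdict)` when a verdict set is created; that code is outside this hunk, so confirm it, and a short comment stating that assumption next to the check would help the next reader. On the mismatch path `nft_data_release(data, desc->type)` correctly uses the parsed type rather than the normalised one, so a parsed verdict's chain reference is dropped before `-EINVAL` is returned. The function's signature starts before the hunk.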
|