git.baikalelectronics.ru Git - kernel.git/commit

]> git.baikalelectronics.ru Git - kernel.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 14 Oct 2014 08:13:48 +0000 (10:13 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Sat, 18 Oct 2014 12:14:07 +0000 (14:14 +0200)
commit	84afd01592188c824f73c406490ce337c86acfa2
tree	8515ff30729229052cd91d69a49322424a05290b	tree \| snapshot
parent	32679e2659d35ec54ce0c75d24bc9595ffcb3fa0	commit \| diff

netfilter: nft_compat: validate chain type in match/target

We have to validate the real chain type to ensure that matches/targets
are not used out from their scope (eg. MASQUERADE in nat chain type).
The existing validation relies on the table name, but this is not
sufficient since userspace can fool us by using the appropriate table
name with a different chain type.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

net/netfilter/nft_compat.c

diff | blob | history

Linux Kernel Source Tree.

RSS Atom