git.baikalelectronics.ru Git - kernel.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 9 Aug 2022 09:25:43 +0000 (11:25 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 9 Aug 2022 17:38:16 +0000 (19:38 +0200)
commit	2ac4d916d5230c05c129affed31ddb909ab66348
tree	9e88b60247f1de1e8af590f2bb67ce4d78ea0413	tree \| snapshot
parent	381aa4f9f75e89e4ef4eb76d7d7d83fb252ca408	commit \| diff

netfilter: nf_tables: validate variable length element extension

Update template to validate variable length extensions. This patch adds
a new .ext_len[id] field to the template to store the expected extension
length. This is used to sanity check the initialization of the variable
length extension.

Use PTR_ERR() in nft_set_elem_init() to report errors since, after this
update, there are two reason why this might fail, either because of
ENOMEM or insufficient room in the extension field (EINVAL).

Kernels up until f9b73cd73839 ("netfilter: nf_tables: stricter
validation of element data") allowed to copy more data to the extension
than was allocated. This ext_len field allows to validate if the
destination has the correct size as additional check.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_tables.h		diff \| blob \| history
net/netfilter/nf_tables_api.c		diff \| blob \| history
net/netfilter/nft_dynset.c		diff \| blob \| history