netfilter: nf_tables: validate len in nft_validate_data_load()

int nft_validate_output_register(enum nft_registers reg);

int nft_validate_data_load(const struct nft_ctx *ctx, enum nft_registers reg,

			   const struct nft_data *data,

			   enum nft_data_types type);

			   enum nft_data_types type, unsigned int len);

/**

				    const struct nlattr * const tb[])

{

	struct nft_meta *priv = nft_expr_priv(expr);

	unsigned int len;

	int err;

	priv->key = ntohl(nla_get_be32(tb[NFTA_META_KEY]));

	switch (priv->key) {

	case NFT_META_BRI_IIFNAME:

	case NFT_META_BRI_OIFNAME:

		len = IFNAMSIZ;

		break;

	default:

		return nft_meta_get_init(ctx, expr, tb);

	if (err < 0)

		return err;

	err = nft_validate_data_load(ctx, priv->dreg, NULL, NFT_DATA_VALUE);

	err = nft_validate_data_load(ctx, priv->dreg, NULL,

				     NFT_DATA_VALUE, len);

	if (err < 0)

		return err;

	dreg = nft_type_to_reg(set->dtype);

	return nft_validate_data_load(ctx, dreg, nft_set_ext_data(ext),

				      set->dtype == NFT_DATA_VERDICT ?

				      NFT_DATA_VERDICT : NFT_DATA_VALUE);

				      NFT_DATA_VERDICT : NFT_DATA_VALUE,

				      set->dlen);

}

int nf_tables_bind_set(const struct nft_ctx *ctx, struct nft_set *set,

				continue;

			err = nft_validate_data_load(&bind_ctx, dreg,

						     &data, d2.type);

						     &data, d2.type, d2.len);

			if (err < 0)

				goto err3;

		}

 * 	@reg: the destination register number

 * 	@data: the data to load

 * 	@type: the data type

 * 	@len: the length of the data

 *

 * 	Validate that a data load uses the appropriate data type for

 * 	the destination register. A value of NULL for the data means

 * 	that its runtime gathered data, which is always of type

 * 	NFT_DATA_VALUE.

 * 	the destination register and the length is within the bounds.

 * 	A value of NULL for the data means that its runtime gathered

 * 	data, which is always of type NFT_DATA_VALUE.

 */

int nft_validate_data_load(const struct nft_ctx *ctx, enum nft_registers reg,

			   const struct nft_data *data,

			   enum nft_data_types type)

			   enum nft_data_types type, unsigned int len)

{

	int err;

		return 0;

	default:

		if (len == 0)

			return -EINVAL;

		if (len > FIELD_SIZEOF(struct nft_data, data))

			return -ERANGE;

		if (data != NULL && type != NFT_DATA_VALUE)

			return -EINVAL;

		return 0;

	    tb[NFTA_BITWISE_XOR] == NULL)

		return -EINVAL;

	priv->len = ntohl(nla_get_be32(tb[NFTA_BITWISE_LEN]));

	priv->sreg = ntohl(nla_get_be32(tb[NFTA_BITWISE_SREG]));

	err = nft_validate_input_register(priv->sreg);

	if (err < 0)

	err = nft_validate_output_register(priv->dreg);

	if (err < 0)

		return err;

	err = nft_validate_data_load(ctx, priv->dreg, NULL, NFT_DATA_VALUE);

	err = nft_validate_data_load(ctx, priv->dreg, NULL,

				     NFT_DATA_VALUE, priv->len);

	if (err < 0)

		return err;

	priv->len = ntohl(nla_get_be32(tb[NFTA_BITWISE_LEN]));

	err = nft_data_init(NULL, &priv->mask, &d1, tb[NFTA_BITWISE_MASK]);

	if (err < 0)

		return err;

	    tb[NFTA_BYTEORDER_OP] == NULL)

		return -EINVAL;

	priv->sreg = ntohl(nla_get_be32(tb[NFTA_BYTEORDER_SREG]));

	err = nft_validate_input_register(priv->sreg);

	if (err < 0)

		return err;

	priv->dreg = ntohl(nla_get_be32(tb[NFTA_BYTEORDER_DREG]));

	err = nft_validate_output_register(priv->dreg);

	if (err < 0)

		return err;

	err = nft_validate_data_load(ctx, priv->dreg, NULL, NFT_DATA_VALUE);

	if (err < 0)

		return err;

	priv->op = ntohl(nla_get_be32(tb[NFTA_BYTEORDER_OP]));

	switch (priv->op) {

	case NFT_BYTEORDER_NTOH:

		return -EINVAL;

	}

	priv->sreg = ntohl(nla_get_be32(tb[NFTA_BYTEORDER_SREG]));

	err = nft_validate_input_register(priv->sreg);

	if (err < 0)

		return err;

	priv->dreg = ntohl(nla_get_be32(tb[NFTA_BYTEORDER_DREG]));

	err = nft_validate_output_register(priv->dreg);

	if (err < 0)

		return err;

	err = nft_validate_data_load(ctx, priv->dreg, NULL,

				     NFT_DATA_VALUE, priv->len);

	if (err < 0)

		return err;

	return 0;

}