Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 606a9a02 authored by Tim Gardner's avatar Tim Gardner Committed by Patrick McHardy
Browse files

netfilter: xt_recent: check for unsupported user space flags 



Signed-off-by: default avatarTim Gardner <tim.gardner@canonical.com>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent 0079c5ae

include/linux/netfilter/xt_recent.h

+3 −0
Original line number Original line Diff line number Diff line
@@ -20,6 +20,9 @@ enum { 
/* Only allowed with --rcheck and --update */

/* Only allowed with --rcheck and --update */

#define XT_RECENT_MODIFIERS (XT_RECENT_TTL|XT_RECENT_REAP)

#define XT_RECENT_MODIFIERS (XT_RECENT_TTL|XT_RECENT_REAP)





#define XT_RECENT_VALID_FLAGS (XT_RECENT_CHECK|XT_RECENT_SET|XT_RECENT_UPDATE|\

			       XT_RECENT_REMOVE|XT_RECENT_TTL|XT_RECENT_REAP)



struct xt_recent_mtinfo {

struct xt_recent_mtinfo {

	__u32 seconds;

	__u32 seconds;

	__u32 hit_count;

	__u32 hit_count;

net/netfilter/xt_recent.c

+5 −0
Original line number Original line Diff line number Diff line
@@ -319,6 +319,11 @@ static bool recent_mt_check(const struct xt_mtchk_param *par) 
		get_random_bytes(&hash_rnd, sizeof(hash_rnd));

		get_random_bytes(&hash_rnd, sizeof(hash_rnd));

		hash_rnd_inited = true;

		hash_rnd_inited = true;

	}

	}

	if (info->check_set & ~XT_RECENT_VALID_FLAGS) {

		pr_info(KBUILD_MODNAME ": Unsupported user space flags "

			"(%08x)\n", info->check_set);

		return false;

	}

	if (hweight8(info->check_set &

	if (hweight8(info->check_set &

		     (XT_RECENT_SET | XT_RECENT_REMOVE |

		     (XT_RECENT_SET | XT_RECENT_REMOVE |

		      XT_RECENT_CHECK | XT_RECENT_UPDATE)) != 1)

		      XT_RECENT_CHECK | XT_RECENT_UPDATE)) != 1)