Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9306425b authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: ctnetlink: must check mark attributes vs NULL 



else we will oops (null deref) when the attributes aren't present.

Also add back the EOPNOTSUPP in case MARK filtering is requested but
kernel doesn't support it.

Fixes: 59c08c69 ("netfilter: ctnetlink: Support L3 protocol-filter on flush")
Reported-by: default avatar <syzbot+e45eda8eda6e93a03959@syzkaller.appspotmail.com>
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 0de22baa

net/netfilter/nf_conntrack_netlink.c

+9 −2
Original line number Diff line number Diff line
@@ -832,6 +832,11 @@ ctnetlink_alloc_filter(const struct nlattr * const cda[], u8 family) 
{

	struct ctnetlink_filter *filter;



#ifndef CONFIG_NF_CONNTRACK_MARK

	if (cda[CTA_MARK] && cda[CTA_MARK_MASK])

		return ERR_PTR(-EOPNOTSUPP);

#endif



	filter = kzalloc(sizeof(*filter), GFP_KERNEL);

	if (filter == NULL)

		return ERR_PTR(-ENOMEM);
@@ -839,8 +844,10 @@ ctnetlink_alloc_filter(const struct nlattr * const cda[], u8 family) 
	filter->family = family;



#ifdef CONFIG_NF_CONNTRACK_MARK

	if (cda[CTA_MARK] && cda[CTA_MARK_MASK]) {

		filter->mark.val = ntohl(nla_get_be32(cda[CTA_MARK]));

		filter->mark.mask = ntohl(nla_get_be32(cda[CTA_MARK_MASK]));

	}

#endif

	return filter;

}