Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9911c113 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: xt_owner: bail out with EINVAL in case of unsupported flags 



Reject flags that are not supported with EINVAL.

Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 87e389b4

include/uapi/linux/netfilter/xt_owner.h

+5 −0
Original line number Diff line number Diff line
@@ -11,6 +11,11 @@ enum { 
	XT_OWNER_SUPPL_GROUPS = 1 << 3,

};



#define XT_OWNER_MASK	(XT_OWNER_UID | 	\

			 XT_OWNER_GID | 	\

			 XT_OWNER_SOCKET |	\

			 XT_OWNER_SUPPL_GROUPS)



struct xt_owner_match_info {

	__u32 uid_min, uid_max;

	__u32 gid_min, gid_max;

net/netfilter/xt_owner.c

+3 −0
Original line number Diff line number Diff line
@@ -25,6 +25,9 @@ static int owner_check(const struct xt_mtchk_param *par) 
	struct xt_owner_match_info *info = par->matchinfo;

	struct net *net = par->net;



	if (info->match & ~XT_OWNER_MASK)

		return -EINVAL;



	/* Only allow the common case where the userns of the writer

	 * matches the userns of the network namespace.

	 */