netfilter: nft_payload: do not truncate csum_offset and csum_type (a2ce367a) · Commits · e / devices / android_kernel_fairphone_FP5

net/netfilter/nft_payload.c

+13 −6

Original line number	Diff line number	Diff line
		@@ -558,6 +558,8 @@ static int nft_payload_set_init(const struct nft_ctx *ctx,
		const struct nlattr * const tb[])
		{
		struct nft_payload_set *priv = nft_expr_priv(expr);
		u32 csum_offset, csum_type = NFT_PAYLOAD_CSUM_NONE;
		int err;

		priv->base = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_BASE]));
		priv->offset = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_OFFSET]));
		@@ -565,11 +567,15 @@ static int nft_payload_set_init(const struct nft_ctx *ctx,
		priv->sreg = nft_parse_register(tb[NFTA_PAYLOAD_SREG]);

		if (tb[NFTA_PAYLOAD_CSUM_TYPE])
		priv->csum_type =
		ntohl(nla_get_be32(tb[NFTA_PAYLOAD_CSUM_TYPE]));
		if (tb[NFTA_PAYLOAD_CSUM_OFFSET])
		priv->csum_offset =
		ntohl(nla_get_be32(tb[NFTA_PAYLOAD_CSUM_OFFSET]));
		csum_type = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_CSUM_TYPE]));
		if (tb[NFTA_PAYLOAD_CSUM_OFFSET]) {
		err = nft_parse_u32_check(tb[NFTA_PAYLOAD_CSUM_OFFSET], U8_MAX,
		&csum_offset);
		if (err < 0)
		return err;

		priv->csum_offset = csum_offset;
		}
		if (tb[NFTA_PAYLOAD_CSUM_FLAGS]) {
		u32 flags;

		@@ -580,13 +586,14 @@ static int nft_payload_set_init(const struct nft_ctx *ctx,
		priv->csum_flags = flags;
		}

		switch (priv->csum_type) {
		switch (csum_type) {
		case NFT_PAYLOAD_CSUM_NONE:
		case NFT_PAYLOAD_CSUM_INET:
		break;
		default:
		return -EOPNOTSUPP;
		}
		priv->csum_type = csum_type;

		return nft_validate_register_load(priv->sreg, priv->len);
		}