
Commit 0b21edf4 authored by Florian Westphal, committed by Greg Kroah-Hartman

netfilter: nft_tproxy: restrict to prerouting hook



commit 18bbc3213383a82b05383827f4b1b882e3f0a5a5 upstream.

TPROXY is only allowed from prerouting, but nft_tproxy doesn't check this.
This fixes a crash (null dereference) when using tproxy from e.g. output.

Fixes: 4ed8eb65 ("netfilter: nf_tables: Add native tproxy support")
Reported-by: Shell Chen <xierch@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Qingfang DENG <dqfext@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent d8dca1bf
+8 −0
@@ -289,6 +289,13 @@ static int nft_tproxy_dump(struct sk_buff *skb,
	return 0;
}

static int nft_tproxy_validate(const struct nft_ctx *ctx,
			       const struct nft_expr *expr,
			       const struct nft_data **data)
{
	return nft_chain_validate_hooks(ctx->chain, 1 << NF_INET_PRE_ROUTING);
}

static struct nft_expr_type nft_tproxy_type;
static const struct nft_expr_ops nft_tproxy_ops = {
	.type		= &nft_tproxy_type,
@@ -296,6 +303,7 @@ static const struct nft_expr_ops nft_tproxy_ops = {
	.eval		= nft_tproxy_eval,
	.init		= nft_tproxy_init,
	.dump		= nft_tproxy_dump,
	.validate	= nft_tproxy_validate,
};

static struct nft_expr_type nft_tproxy_type __read_mostly = {
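Review bot: nft_tproxy_validate in the first hunk gives no hint why the allowed hook mask is exactly `1 << NF_INET_PRE_ROUTING`; the reason (a NULL dereference when the expression runs from another hook such as output) lives only in the commit message, so a maintainer reading the validate callback later has to dig for it. A one-line comment above the return would keep the intent next to the check, e.g. `/* TPROXY is only valid from prerouting; other hooks lack the state eval relies on and crashed with a NULL dereference. */`. The unused expr and data parameters are presumably dictated by the nft_expr_ops validate signature and are fine as written. The `.validate = nft_tproxy_validate` line in the second hunk is what wires the check in; without it the new function would be dead code, so both hunks belong together.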