netfilter: nf_tables: validate family when identifying table via handle (f696eaf6) · Commits · e / devices / android_kernel_oneplus_sm7250

net/netfilter/nf_tables_api.c

+3 −2

Original line number	Original line	Diff line number	Diff line
	@@ -536,7 +536,7 @@ static struct nft_table nft_table_lookup(const struct net net,

	static struct nft_table nft_table_lookup_byhandle(const struct net net,		static struct nft_table nft_table_lookup_byhandle(const struct net net,
	const struct nlattr *nla,		const struct nlattr *nla,
	u8 genmask)		int family, u8 genmask)
	{		{
	struct nftables_pernet *nft_net;		struct nftables_pernet *nft_net;
	struct nft_table *table;		struct nft_table *table;
	@@ -544,6 +544,7 @@ static struct nft_table nft_table_lookup_byhandle(const struct net net,
	nft_net = net_generic(net, nf_tables_net_id);		nft_net = net_generic(net, nf_tables_net_id);
	list_for_each_entry(table, &nft_net->tables, list) {		list_for_each_entry(table, &nft_net->tables, list) {
	if (be64_to_cpu(nla_get_be64(nla)) == table->handle &&		if (be64_to_cpu(nla_get_be64(nla)) == table->handle &&
			table->family == family &&
	nft_active_genmask(table, genmask))		nft_active_genmask(table, genmask))
	return table;		return table;
	}		}
	@@ -1189,7 +1190,7 @@ static int nf_tables_deltable(struct net net, struct sock nlsk,

	if (nla[NFTA_TABLE_HANDLE]) {		if (nla[NFTA_TABLE_HANDLE]) {
	attr = nla[NFTA_TABLE_HANDLE];		attr = nla[NFTA_TABLE_HANDLE];
	table = nft_table_lookup_byhandle(net, attr, genmask);		table = nft_table_lookup_byhandle(net, attr, family, genmask);
	} else {		} else {
	attr = nla[NFTA_TABLE_NAME];		attr = nla[NFTA_TABLE_NAME];
	table = nft_table_lookup(net, attr, family, genmask);		table = nft_table_lookup(net, attr, family, genmask);