Commit b38895c5 authored Jan 09, 2014 by Pablo Neira Ayuso

netfilter: nft_meta: fix lack of validation of the input register



We have to validate that the input register is in the range of
allowed registers, otherwise we can take a incorrect register
value as input that may lead us to a crash.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent c4ede3d3

net/netfilter/nft_meta.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -239,6 +239,9 @@ static int nft_meta_init(const struct nft_ctx ctx, const struct nft_expr expr,
		return err;

		priv->sreg = ntohl(nla_get_be32(tb[NFTA_META_SREG]));
		err = nft_validate_input_register(priv->sreg);
		if (err < 0)
		return err;

		return 0;
		}