Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8a61fadb authored by Harald Welte's avatar Harald Welte Committed by David S. Miller
Browse files

[NETFILTER]: check nf_log function call arguments 



Check whether pf is too large in order to prevent array overflow.

Signed-off-by: default avatarHarald Welte <laforge@netfilter.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent d72367b6

include/linux/netfilter.h

+1 −1
Original line number Diff line number Diff line
@@ -157,7 +157,7 @@ struct nf_logger { 


/* Function to register/unregister log function. */

int nf_log_register(int pf, struct nf_logger *logger);

void nf_log_unregister_pf(int pf);

int nf_log_unregister_pf(int pf);

void nf_log_unregister_logger(struct nf_logger *logger);



/* Calls the registered backend logging function */

net/netfilter/nf_log.c

+9 −1
Original line number Diff line number Diff line
@@ -24,6 +24,9 @@ int nf_log_register(int pf, struct nf_logger *logger) 
{

	int ret = -EBUSY;



	if (pf >= NPROTO)

		return -EINVAL;



	/* Any setup of logging members must be done before

	 * substituting pointer. */

	spin_lock(&nf_log_lock);
@@ -38,14 +41,19 @@ int nf_log_register(int pf, struct nf_logger *logger) 
}		

EXPORT_SYMBOL(nf_log_register);



void nf_log_unregister_pf(int pf)

int nf_log_unregister_pf(int pf)

{

	if (pf >= NPROTO)

		return -EINVAL;



	spin_lock(&nf_log_lock);

	nf_logging[pf] = NULL;

	spin_unlock(&nf_log_lock);



	/* Give time to concurrent readers. */

	synchronize_net();



	return 0;

}

EXPORT_SYMBOL(nf_log_unregister_pf);