
Commit a0a7379e authored by Pablo Neira Ayuso

netfilter: nf_tables: use u32 for chain use counter



Since 4fefee57 ("netfilter: nf_tables: allow to delete several objects
from a batch"), every new rule bumps the chain use counter. However,
the counter is only 16 bits wide, so it overflows after
2^16 rules.

Use a u32 chain counter and check for overflows (just like we do for
table objects).

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent 5bc5c307
+3 −3
@@ -503,9 +503,9 @@ enum nft_chain_flags {
 *	@net: net namespace that this chain belongs to
 *	@table: table that this chain belongs to
 *	@handle: chain handle
 *	@flags: bitmask of enum nft_chain_flags
 *	@use: number of jump references to this chain
 *	@level: length of longest path to this chain
 *	@flags: bitmask of enum nft_chain_flags
 *	@name: name of the chain
 */
struct nft_chain {
@@ -514,9 +514,9 @@ struct nft_chain {
	struct net			*net;
	struct nft_table		*table;
	u64				handle;
	u8				flags;
	u16				use;
	u32				use;
	u16				level;
	u8				flags;
	char				name[NFT_CHAIN_MAXNAMELEN];
};
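Review bot: The kerneldoc for `use` is left stale by the widening: it still says `@use: number of jump references to this chain`, but the commit message states that since 4fefee57 every new rule bumps the counter too, which is exactly why 16 bits no longer suffice. The line should read ` *	@use: number of references (jump targets and rules) to this chain` so that readers of the struct understand what the u32 and the new UINT_MAX check in nf_tables_newrule are protecting. The same hunk also appears to move `flags` to the end of the struct; if that is a deliberate packing change rather than a side effect, a one-line mention in the commit description would help.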

+3 −0
@@ -1730,6 +1730,9 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb,
		if (!create || nlh->nlmsg_flags & NLM_F_REPLACE)
			return -EINVAL;
		handle = nf_tables_alloc_handle(table);

		if (chain->use == UINT_MAX)
			return -EOVERFLOW;
	}

	if (nla[NFTA_RULE_POSITION]) {
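Review bot: The new overflow check is sequenced after `handle = nf_tables_alloc_handle(table);`, so a request rejected with -EOVERFLOW has already consumed a handle if that helper advances a per-table generator (not visible in the hunk, so this is inferred). Moving the two added lines above the `handle = ...` assignment keeps the rejection free of side effects: `if (chain->use == UINT_MAX) return -EOVERFLOW;` then `handle = nf_tables_alloc_handle(table);`. The check also lives only in the no-handle branch, and the `chain->use` increment it guards is elsewhere in nf_tables_newrule, whose body starts and ends outside the hunk; a short comment such as `/* chain->use is bumped once the rule is linked below */` at the check would make that coupling explicit.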