Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f7fb77fc authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: nft_compat: check extension hook mask only if set 



If the x_tables extension comes with no hook mask, skip this validation.

Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 3840538a

net/netfilter/nft_compat.c

+2 −2
Original line number Diff line number Diff line
@@ -305,7 +305,7 @@ static int nft_target_validate(const struct nft_ctx *ctx, 
		const struct nf_hook_ops *ops = &basechain->ops[0];



		hook_mask = 1 << ops->hooknum;

		if (!(hook_mask & target->hooks))

		if (target->hooks && !(hook_mask & target->hooks))

			return -EINVAL;



		ret = nft_compat_chain_validate_dependency(target->table,
@@ -484,7 +484,7 @@ static int nft_match_validate(const struct nft_ctx *ctx, 
		const struct nf_hook_ops *ops = &basechain->ops[0];



		hook_mask = 1 << ops->hooknum;

		if (!(hook_mask & match->hooks))

		if (match->hooks && !(hook_mask & match->hooks))

			return -EINVAL;



		ret = nft_compat_chain_validate_dependency(match->table,