[NETFILTER]: nf_conntrack_tcp: catch invalid state updates over ctnetlink (5f7da4d2) · Commits · e / devices / android_kernel_xiaomi_markw

net/netfilter/nf_conntrack_proto_tcp.c

+4 −2

Original line number	Diff line number	Diff line
		@@ -1129,10 +1129,12 @@ static int nlattr_to_tcp(struct nlattr cda[], struct nf_conn ct)
		if (err < 0)
		return err;

		if (!tb[CTA_PROTOINFO_TCP_STATE])
		if (tb[CTA_PROTOINFO_TCP_STATE] &&
		nla_get_u8(tb[CTA_PROTOINFO_TCP_STATE]) >= TCP_CONNTRACK_MAX)
		return -EINVAL;

		write_lock_bh(&tcp_lock);
		if (tb[CTA_PROTOINFO_TCP_STATE])
		ct->proto.tcp.state = nla_get_u8(tb[CTA_PROTOINFO_TCP_STATE]);

		if (tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL]) {