Commit 7bfdde70 authored Sep 22, 2016 by Liping Zhang Committed by Pablo Neira Ayuso Sep 25, 2016

netfilter: nft_ct: report error if mark and dir specified simultaneously

NFT_CT_MARK is unrelated to direction, so if NFTA_CT_DIRECTION attr is
specified, report EINVAL to the userspace. This validation check was
already done at nft_ct_get_init, but we missed it in nft_ct_set_init.

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent d767ff2c

net/netfilter/nft_ct.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -364,6 +364,8 @@ static int nft_ct_set_init(const struct nft_ctx *ctx,
		switch (priv->key) {
		#ifdef CONFIG_NF_CONNTRACK_MARK
		case NFT_CT_MARK:
		if (tb[NFTA_CT_DIRECTION])
		return -EINVAL;
		len = FIELD_SIZEOF(struct nf_conn, mark);
		break;
		#endif