Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dceb48d8 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: x_tables: check name length in find_match/target, too 



ebtables uses find_match() rather than find_request_match in one case
(see bcf49342,
 "netfilter: ebtables: Fix extension lookup with identical name"), so
 extend the check on name length to those functions too.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 72d4d3e3

net/netfilter/x_tables.c

+6 −0
Original line number Diff line number Diff line
@@ -183,6 +183,9 @@ struct xt_match *xt_find_match(u8 af, const char *name, u8 revision) 
	struct xt_match *m;

	int err = -ENOENT;



	if (strnlen(name, XT_EXTENSION_MAXNAMELEN) == XT_EXTENSION_MAXNAMELEN)

		return ERR_PTR(-EINVAL);



	mutex_lock(&xt[af].mutex);

	list_for_each_entry(m, &xt[af].match, list) {

		if (strcmp(m->name, name) == 0) {
@@ -229,6 +232,9 @@ struct xt_target *xt_find_target(u8 af, const char *name, u8 revision) 
	struct xt_target *t;

	int err = -ENOENT;



	if (strnlen(name, XT_EXTENSION_MAXNAMELEN) == XT_EXTENSION_MAXNAMELEN)

		return ERR_PTR(-EINVAL);



	mutex_lock(&xt[af].mutex);

	list_for_each_entry(t, &xt[af].target, list) {

		if (strcmp(t->name, name) == 0) {