netfilter: nft_log: check the validity of log level
authorLiping Zhang <liping.zhang@spreadtrum.com>
Mon, 18 Jul 2016 12:44:16 +0000 (20:44 +0800)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 21 Jul 2016 00:32:33 +0000 (02:32 +0200)
User can specify the log level larger than 7(debug level) via
nfnetlink, this is invalid. So in this case, we should report
EINVAL to the userspace.

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_log.c

index e1b34ff0ebd037cd559589ad4f5dab499bd21cff..5f6f088ff06e02411a3ab145718351cf68b673d2 100644 (file)
@@ -79,6 +79,11 @@ static int nft_log_init(const struct nft_ctx *ctx,
                } else {
                        li->u.log.level = LOGLEVEL_WARNING;
                }
+               if (li->u.log.level > LOGLEVEL_DEBUG) {
+                       err = -EINVAL;
+                       goto err1;
+               }
+
                if (tb[NFTA_LOG_FLAGS] != NULL) {
                        li->u.log.logflags =
                                ntohl(nla_get_be32(tb[NFTA_LOG_FLAGS]));