projects / GitHub / LineageOS / G12 / android_kernel_amlogic_linux-4.9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f04e599)
netfilter: nf_tables: limit maximum table name length to 32 bytes
authorPablo Neira Ayuso <pablo@netfilter.org>
Thu, 5 Mar 2015 14:05:36 +0000 (15:05 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 6 Mar 2015 00:21:21 +0000 (01:21 +0100)
Set the same as we use for chain names, it should be enough.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nf_tables.h patch | blob | blame | history
include/uapi/linux/netfilter/nf_tables.h patch | blob | blame | history
net/netfilter/nf_tables_api.c patch | blob | blame | history

diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 04188b47629d769406ab602af6c76f5777467db5..a143acafa5d929a9d34c0d291fefc9e335e8df06 100644 (file)
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -535,7 +535,7 @@ struct nft_table {
        u64                             hgenerator;
        u32                             use;
        u16                             flags;
-       char                            name[];
+       char                            name[NFT_TABLE_MAXNAMELEN];
 };
 
 /**
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index 832bc46db78bc3498e8ab18b6e7a50ba12c86acd..b9783931503b1f704a2422d85922301929dc2675 100644 (file)
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -1,6 +1,7 @@
 #ifndef _LINUX_NF_TABLES_H
 #define _LINUX_NF_TABLES_H
 
+#define NFT_TABLE_MAXNAMELEN   32
 #define NFT_CHAIN_MAXNAMELEN   32
 #define NFT_USERDATA_MAXLEN    256
 
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 199fd0f27b0e128cfb8674ca331c2dae240e1b1c..284b20ce566b92060774d974c2884e2fb9c40cfb 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -401,7 +401,8 @@ nf_tables_chain_type_lookup(const struct nft_af_info *afi,
 }
 
 static const struct nla_policy nft_table_policy[NFTA_TABLE_MAX + 1] = {
-       [NFTA_TABLE_NAME]       = { .type = NLA_STRING },
+       [NFTA_TABLE_NAME]       = { .type = NLA_STRING,
+                                   .len = NFT_TABLE_MAXNAMELEN - 1 },
        [NFTA_TABLE_FLAGS]      = { .type = NLA_U32 },
 };
 
@@ -686,13 +687,13 @@ static int nf_tables_newtable(struct sock *nlsk, struct sk_buff *skb,
        if (!try_module_get(afi->owner))
                return -EAFNOSUPPORT;
 
-       table = kzalloc(sizeof(*table) + nla_len(name), GFP_KERNEL);
+       table = kzalloc(sizeof(*table), GFP_KERNEL);
        if (table == NULL) {
                module_put(afi->owner);
                return -ENOMEM;
        }
 
-       nla_strlcpy(table->name, name, nla_len(name));
+       nla_strlcpy(table->name, name, NFT_TABLE_MAXNAMELEN);
        INIT_LIST_HEAD(&table->chains);
        INIT_LIST_HEAD(&table->sets);
        table->flags = flags;