projects
/
GitHub
/
LineageOS
/
G12
/
android_kernel_amlogic_linux-4.9.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
f3f5dde
)
netfilter: nft_nat: insufficient attribute validation
author
Pablo Neira Ayuso
<pablo@netfilter.org>
Wed, 15 Oct 2014 22:16:57 +0000
(
00:16
+0200)
committer
Pablo Neira Ayuso
<pablo@netfilter.org>
Sat, 18 Oct 2014 12:16:11 +0000
(14:16 +0200)
We have to validate that we at least get an NFTA_NAT_REG_ADDR_MIN or
NFTA_NFT_REG_PROTO_MIN attribute. Reject the configuration if none
of them are present.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_nat.c
patch
|
blob
|
blame
|
history
diff --git
a/net/netfilter/nft_nat.c
b/net/netfilter/nft_nat.c
index 0f0af6e86fb8a5ae2881ffaa91054cebfa8d8549..5078f1f1c569df93d466e2c5bd8c3b85f9277dd0 100644
(file)
--- a/
net/netfilter/nft_nat.c
+++ b/
net/netfilter/nft_nat.c
@@
-99,7
+99,9
@@
static int nft_nat_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
if (err < 0)
return err;
- if (tb[NFTA_NAT_TYPE] == NULL)
+ if (tb[NFTA_NAT_TYPE] == NULL ||
+ (tb[NFTA_NAT_REG_ADDR_MIN] == NULL &&
+ tb[NFTA_NAT_REG_PROTO_MIN] == NULL))
return -EINVAL;
switch (ntohl(nla_get_be32(tb[NFTA_NAT_TYPE]))) {