author | Ingo Molnar <mingo@kernel.org> | 2016-09-22 15:21:48 +0200 |
---|---|---|
committer | Ingo Molnar <mingo@kernel.org> | 2016-09-22 15:21:48 +0200 |
commit | 7cf0f1426a909ed36a8b349a4a975e0d68b5edad (patch) | |
tree | 0700bb26ceeefb95efc13c3247c04fe7207b509e /net/netfilter/nft_exthdr.c | |
parent | c907420fdaec78b17f59a6011cb5f9d6051c6a35 (diff) | |
parent | 9bf6ffdabdd6e70a0b69d032a0aff091afe1773e (diff) |
Merge branch 'locking/urgent' into locking/core, to pick up fixes
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Diffstat (limited to 'net/netfilter/nft_exthdr.c')
-rw-r--r-- | net/netfilter/nft_exthdr.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/net/netfilter/nft_exthdr.c b/net/netfilter/nft_exthdr.c
index ba7aed13e174..82c264e40278 100644
--- a/net/netfilter/nft_exthdr.c
+++ b/net/netfilter/nft_exthdr.c
@@ -59,6 +59,7 @@ static int nft_exthdr_init(const struct nft_ctx *ctx,
 const struct nlattr * const tb[])
 {
 struct nft_exthdr *priv = nft_expr_priv(expr);
+ u32 offset, len;
 
 if (tb[NFTA_EXTHDR_DREG] == NULL ||
 tb[NFTA_EXTHDR_TYPE] == NULL ||
@@ -66,9 +67,15 @@ static int nft_exthdr_init(const struct nft_ctx *ctx,
 tb[NFTA_EXTHDR_LEN] == NULL)
 return -EINVAL;
 
+ offset = ntohl(nla_get_be32(tb[NFTA_EXTHDR_OFFSET]));
+ len = ntohl(nla_get_be32(tb[NFTA_EXTHDR_LEN]));
+
+ if (offset > U8_MAX || len > U8_MAX)
+ return -ERANGE;
+
 priv->type = nla_get_u8(tb[NFTA_EXTHDR_TYPE]);
- priv->offset = ntohl(nla_get_be32(tb[NFTA_EXTHDR_OFFSET]));
- priv->len = ntohl(nla_get_be32(tb[NFTA_EXTHDR_LEN]));
+ priv->offset = offset;
+ priv->len = len;
 priv->dreg = nft_parse_register(tb[NFTA_EXTHDR_DREG]);
 
 return nft_validate_register_store(ctx, priv->dreg, NULL, |
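Review bot: The `U8_MAX` limit in the new range check in the second hunk is only right while `priv->offset` and `priv->len` are 8-bit fields, and `struct nft_exthdr` is not visible in this diff, so the reason for the limit cannot be seen at the check itself. I would add a comment above it, for example `/* priv->offset and priv->len are u8: reject netlink values that would otherwise be silently truncated */`, so that a later change to the field widths prompts a review of the bound. The check also limits each value on its own; whether `offset + len` stays within the extension header actually present in a packet presumably has to be enforced where the header is read, which is outside this diff and worth confirming. `nft_exthdr_init` begins before the first hunk and its final `return` statement is cut off at the end of the second.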