netfilter: nf_tables: validate NFT_DATA_VALUE after nft_data_init()
[ Upstream commit 0d2c96af ]

Userspace might bogusly send NFT_DATA_VERDICT in several netlink attributes that assume NFT_DATA_VALUE. Moreover, make sure that error path invokes nft_data_release() to decrement the reference count on the chain object.

Fixes: 96518518 ("netfilter: add nftables")
Fixes: 0f3cd9b3 ("netfilter: nf_tables: add range expression")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Showing
- net/netfilter/nf_tables_api.c: 3 additions, 1 deletion
- net/netfilter/nft_bitwise.c: 2 additions, 2 deletions
- net/netfilter/nft_cmp.c: 6 additions, 0 deletions
- net/netfilter/nft_range.c: 10 additions, 0 deletions
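The pattern the commit message describes, as an added userspace C model that is not code from this commit or from the kernel: the data type is only known once initialisation has parsed the attribute, by which point a verdict has already taken a reference on its chain, so rejecting it without a release leaves the count raised. All type and function names here are hypothetical stand-ins for the kernel's, and the `release_on_error` switch exists only to show both outcomes.

```c
/* Userspace model only: hypothetical names, not the kernel's nf_tables code. */
#include <errno.h>
#include <stdio.h>
enum data_type { DATA_VALUE, DATA_VERDICT };  /* stand-ins for NFT_DATA_VALUE / NFT_DATA_VERDICT */
struct chain { int use; };                    /* reference-counted jump target */
struct data {
    enum data_type type;
    unsigned int value;                       /* meaningful for DATA_VALUE */
    struct chain *target;                     /* meaningful for DATA_VERDICT */
};

/* Models nft_data_init(): parsing a verdict takes a reference on its chain. */
static int data_init(struct data *d, enum data_type type, unsigned int v, struct chain *c)
{
    d->type = type;
    d->value = (type == DATA_VALUE) ? v : 0;
    d->target = (type == DATA_VERDICT) ? c : NULL;
    if (d->target)
        d->target->use++;
    return 0;
}

/* Models nft_data_release(): drops the reference taken by data_init(). */
static void data_release(struct data *d)
{
    if (d->type == DATA_VERDICT && d->target)
        d->target->use--;
}

/* Init for an expression that expects a plain value, never a verdict. */
static int expr_init(struct data *d, enum data_type type, unsigned int v,
                     struct chain *c, int release_on_error)
{
    if (data_init(d, type, v, c) < 0)
        return -EINVAL;
    if (d->type != DATA_VALUE) {              /* type is only known after init */
        if (release_on_error)
            data_release(d);                  /* undo the reference before failing */
        return -EINVAL;
    }
    return 0;
}

int main(void)
{
    struct chain c = { 0 };
    struct data d;
    int err = expr_init(&d, DATA_VERDICT, 0, &c, 1);
    printf("err=%d use=%d\n", err, c.use);
    return 0;
}
```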