netfilter: nf_tables: do not allow mismatch field size and set key length

[platform/kernel/linux-starfive.git] / net / netfilter / nf_tables_api.c

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 55cd821..5730f9a 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -4753,8 +4753,8 @@ static int nft_set_desc_concat_parse(const struct nlattr *attr,
 static int nft_set_desc_concat(struct nft_set_desc *desc,
                               const struct nlattr *nla)
 {
+       u32 num_regs = 0, key_num_regs = 0;
        struct nlattr *attr;
-       u32 num_regs = 0;
        int rem, err, i;
 
        nla_for_each_nested(attr, nla, rem) {
@@ -4769,6 +4769,10 @@ static int nft_set_desc_concat(struct nft_set_desc *desc,
        for (i = 0; i < desc->field_count; i++)
                num_regs += DIV_ROUND_UP(desc->field_len[i], sizeof(u32));
 
+       key_num_regs = DIV_ROUND_UP(desc->klen, sizeof(u32));
+       if (key_num_regs != num_regs)
+               return -EINVAL;
+
        if (num_regs > NFT_REG32_COUNT)
                return -E2BIG;