netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max
author Liping Zhang <zlpnobody@gmail.com>
Sun, 19 Mar 2017 14:35:59 +0000 (22:35 +0800)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 8 Oct 2017 08:26:10 +0000 (10:26 +0200)
commit cd402b889606ed9b51d76594ddd059a8be6356a1
tree 9fa817b33576c0cf02816a1ba6375e57182f0a0e
parent 9b6f9da9e55a41bb6ff1fbd0a3e7ebe3c33fec74
netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max

[ Upstream commit ae5c682113f9f94cc5e76f92cf041ee624c173ee ]

The helper->expect_class_max must be set to the total number of
expect_policy minus 1, since we will use the statement "if (class >
helper->expect_class_max)" to validate the CTA_EXPECT_CLASS attr in
ctnetlink_alloc_expect.

So for compatibility, set the helper->expect_class_max to the
NFCTH_POLICY_SET_NUM attr's value minus 1.

Also: it's invalid when the NFCTH_POLICY_SET_NUM attr's value is zero.
1. this will result in "expect_policy = kzalloc(0, GFP_KERNEL);";
2. we cannot set the helper->expect_class_max to a proper value.

So if nla_get_be32(tb[NFCTH_POLICY_SET_NUM]) is zero, report -EINVAL to
the userspace.

Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/netfilter/nfnetlink_cthelper.c
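
The off-by-one the commit message describes, as an added user-space model (not code from this commit or from the kernel). It assumes the pre-fix code stored the NFCTH_POLICY_SET_NUM value unchanged in expect_class_max; the struct and every model_* name are hypothetical stand-ins.

```c
/* Added user-space model, not the kernel source. All model_* names are hypothetical. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

struct model_helper {
    uint32_t policy_count;     /* entries allocated for expect_policy[] */
    uint32_t expect_class_max; /* highest class index the check accepts */
};

/* Assumed pre-fix behaviour: the attribute value is stored unchanged. */
static int model_set_policy_old(struct model_helper *h, uint32_t set_num)
{
    h->policy_count = set_num;
    h->expect_class_max = set_num;
    return 0;
}

/* Behaviour the commit message describes: reject zero, store count - 1. */
static int model_set_policy_fixed(struct model_helper *h, uint32_t set_num)
{
    if (set_num == 0)
        return -EINVAL;
    h->policy_count = set_num;
    h->expect_class_max = set_num - 1;
    return 0;
}

/* Same shape as the quoted check: reject when class > expect_class_max. */
static int model_class_accepted(const struct model_helper *h, uint32_t class_id)
{
    return !(class_id > h->expect_class_max);
}

int main(void)
{
    struct model_helper h;
    /* policy_count is the first index past the end of expect_policy[]. */
    model_set_policy_old(&h, 2);
    printf("old:   class 2 of 2 accepted = %d\n", model_class_accepted(&h, h.policy_count));
    model_set_policy_fixed(&h, 2);
    printf("fixed: class 2 of 2 accepted = %d\n", model_class_accepted(&h, h.policy_count));
    printf("fixed: set_num 0 returns %d\n", model_set_policy_fixed(&h, 0));
    return 0;
}
```

With two policies, the old setting lets class 2 through the check even though only indices 0 and 1 exist; the fixed setting rejects it and refuses a zero count outright.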