netfilter: nft_compat: restrict match/target protocol to u16
author Pablo Neira Ayuso <pablo@netfilter.org>
Thu, 1 Feb 2024 23:05:23 +0000 (00:05 +0100)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 16 Feb 2024 18:10:51 +0000 (19:10 +0100)
commit a600c1ebc4646c38d12a153d6781ac46e64f0da7
tree 6b3d12c7ae7b4e4fc6e823346e07d9e1e89cd1b7
parent b3f2e143eb306b4f23162b02a71f8efd47e3b5a7
netfilter: nft_compat: restrict match/target protocol to u16

[ Upstream commit d694b754894c93fb4d71a7f3699439dec111decc ]

xt_check_{match,target} expects u16, but NFTA_RULE_COMPAT_PROTO is u32.

NLA_POLICY_MAX(NLA_BE32, 65535) cannot be used because .max in
nla_policy is s16, see 3e48be05f3c7 ("netlink: add attribute range
validation to policy").

Fixes: 0ca743a55991 ("netfilter: nf_tables: add compatibility layer for x_tables")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/netfilter/nft_compat.c
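The hazard the commit describes, as an added illustration that is not the kernel patch itself: a u32 netlink attribute handed to a u16 parameter is silently narrowed, so the bound has to be checked explicitly (NLA_POLICY_MAX cannot express 65535 because nla_policy.max is s16). The function names below are hypothetical stand-ins for the kernel code, and the value is assumed to already be in host byte order.

```c
/* Added example, not the nft_compat.c change itself. Names are stand-ins:
 * xt_check_proto() plays the role of xt_check_{match,target}, which only
 * ever see a u16; compat_check_proto() plays the role of the caller that
 * reads the u32 NFTA_RULE_COMPAT_PROTO attribute. */
#include <stdint.h>
#include <errno.h>

/* Stand-in for xt_check_{match,target}: the parameter is 16 bits wide. */
static int xt_check_proto(uint16_t proto)
{
    (void)proto;
    return 0;
}

/* What the u16 callee actually receives when the u32 attribute is passed
 * through unchecked: the high bits are dropped without any diagnostic, so
 * an attribute value of 0x10006 arrives as 6. */
uint16_t proto_as_seen_by_xt(uint32_t proto)
{
    uint16_t narrowed = proto; /* implicit u32 -> u16 narrowing */
    return narrowed;
}

/* Explicit range check before the narrowing conversion. Returns 0 when the
 * value fits in u16 and was accepted, -EINVAL otherwise. The policy layer
 * cannot do this for us because nla_policy.max is s16, so 65535 cannot be
 * expressed as an upper bound there. */
int compat_check_proto(uint32_t proto)
{
    if (proto > UINT16_MAX)
        return -EINVAL;
    return xt_check_proto((uint16_t)proto);
}
```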