leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

netfilter: nf_tables: validate len in nft_validate_data_load()

Browse Source 
For values spanning multiple registers, we need to validate that enough
space is available from the destination register onwards. Add a len
argument to nft_validate_data_load() and consolidate the existing length
validations in preparation of that.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Patrick McHardy
2015-04-11 02:27:26 +01:00
committed by Pablo Neira Ayuso
parent e60a9de49c
commit 45d9bcda21
10 changed files with 97 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/net/netfilter/nf_tables.h
View File

@@ -116,7 +116,7 @@ int nft_validate_input_register(enum nft_registers reg);
int nft_validate_output_register(enum nft_registers reg);
int nft_validate_data_load(const struct nft_ctx *ctx, enum nft_registers reg,
const struct nft_data *data,
enum nft_data_types type);
enum nft_data_types type, unsigned int len);
/**