xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

netfilter: nft_payload: do not truncate csum_offset and csum_type

Browse Source 
[ Upstream commit 7044ab281febae9e2fa9b0b247693d6026166293 ]

Instead report ERANGE if csum_offset is too long, and EOPNOTSUPP if type
is not support.

Fixes: 7ec3f7b47b ("netfilter: nft_payload: add packet mangling support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Pablo Neira Ayuso
2022-08-21 11:55:19 +02:00
committed by Greg Kroah-Hartman
parent 93a46d6c72
commit ea358cfc8e
1 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
net/netfilter/nft_payload.c
View File

@@ -660,17 +660,23 @@ static int nft_payload_set_init(const struct nft_ctx *ctx,
const struct nlattr * const tb[]) const struct nlattr * const tb[])
{ {
struct nft_payload_set *priv = nft_expr_priv(expr); struct nft_payload_set *priv = nft_expr_priv(expr);
u32 csum_offset, csum_type = NFT_PAYLOAD_CSUM_NONE;
int err;
priv->base = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_BASE])); priv->base = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_BASE]));
priv->offset = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_OFFSET])); priv->offset = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_OFFSET]));
priv->len = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_LEN])); priv->len = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_LEN]));
if (tb[NFTA_PAYLOAD_CSUM_TYPE]) if (tb[NFTA_PAYLOAD_CSUM_TYPE])
priv->csum_type = csum_type = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_CSUM_TYPE]));
ntohl(nla_get_be32(tb[NFTA_PAYLOAD_CSUM_TYPE])); if (tb[NFTA_PAYLOAD_CSUM_OFFSET]) {
if (tb[NFTA_PAYLOAD_CSUM_OFFSET]) err = nft_parse_u32_check(tb[NFTA_PAYLOAD_CSUM_OFFSET], U8_MAX,
priv->csum_offset = &csum_offset);
ntohl(nla_get_be32(tb[NFTA_PAYLOAD_CSUM_OFFSET])); if (err < 0)
return err;
priv->csum_offset = csum_offset;
}
if (tb[NFTA_PAYLOAD_CSUM_FLAGS]) { if (tb[NFTA_PAYLOAD_CSUM_FLAGS]) {
u32 flags; u32 flags;
@@ -681,7 +687,7 @@ static int nft_payload_set_init(const struct nft_ctx *ctx,
priv->csum_flags = flags; priv->csum_flags = flags;
} }
switch (priv->csum_type) { switch (csum_type) {
case NFT_PAYLOAD_CSUM_NONE: case NFT_PAYLOAD_CSUM_NONE:
case NFT_PAYLOAD_CSUM_INET: case NFT_PAYLOAD_CSUM_INET:
break; break;
@@ -695,6 +701,7 @@ static int nft_payload_set_init(const struct nft_ctx *ctx,
default: default:
return -EOPNOTSUPP; return -EOPNOTSUPP;
} }
priv->csum_type = csum_type;
return nft_parse_register_load(tb[NFTA_PAYLOAD_SREG], &priv->sreg, return nft_parse_register_load(tb[NFTA_PAYLOAD_SREG], &priv->sreg,
priv->len); priv->len);