netfilter: nf_tables: missing attribute validation in nf_tables_delflowtable()

Return -EINVAL is mandatory attributes are missing. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso 2018-02-26 13:16:05 +0100
committer: Pablo Neira Ayuso 2018-02-27 08:06:57 +0100
commit: e603ea4ba778846b5b2203546f0c6056ec198b16 (patch)
tree: 3533648c71ea055cc96cc918513a19a2e4d11149 /net/netfilter/nf_tables_api.c
parent: netfilter: nf_tables: return EBUSY if device already belongs to flowtable (diff)
download: kernel-qcow2-linux-e603ea4ba778846b5b2203546f0c6056ec198b16.tar.gz
kernel-qcow2-linux-e603ea4ba778846b5b2203546f0c6056ec198b16.tar.xz
kernel-qcow2-linux-e603ea4ba778846b5b2203546f0c6056ec198b16.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 43acdeef045d..2b5aa78979db 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -5161,6 +5161,11 @@ static int nf_tables_delflowtable(struct net *net, struct sock *nlsk,
 	struct nft_table *table;
 	struct nft_ctx ctx;
 
+	if (!nla[NFTA_FLOWTABLE_TABLE] ||
+	    (!nla[NFTA_FLOWTABLE_NAME] &&
+	     !nla[NFTA_FLOWTABLE_HANDLE]))
+		return -EINVAL;
+
 	table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE],
 				       family, genmask);
 	if (IS_ERR(table))
author	Pablo Neira Ayuso	2018-02-26 13:16:05 +0100
committer	Pablo Neira Ayuso	2018-02-27 08:06:57 +0100
commit	e603ea4ba778846b5b2203546f0c6056ec198b16 (patch)
tree	3533648c71ea055cc96cc918513a19a2e4d11149 /net/netfilter/nf_tables_api.c
parent	netfilter: nf_tables: return EBUSY if device already belongs to flowtable (diff)
download	kernel-qcow2-linux-e603ea4ba778846b5b2203546f0c6056ec198b16.tar.gz kernel-qcow2-linux-e603ea4ba778846b5b2203546f0c6056ec198b16.tar.xz kernel-qcow2-linux-e603ea4ba778846b5b2203546f0c6056ec198b16.zip