diff options
author | Liping Zhang | 2017-03-19 15:35:59 +0100 |
---|---|---|
committer | Pablo Neira Ayuso | 2017-03-21 15:47:09 +0100 |
commit | ae5c682113f9f94cc5e76f92cf041ee624c173ee (patch) | |
tree | 228c9db7cad11d2de27c8614237016ca4d7dce4f /net/netfilter/nft_nat.c | |
parent | tcp: tcp_get_info() should read tcp_time_stamp later (diff) | |
download | kernel-qcow2-linux-ae5c682113f9f94cc5e76f92cf041ee624c173ee.tar.gz kernel-qcow2-linux-ae5c682113f9f94cc5e76f92cf041ee624c173ee.tar.xz kernel-qcow2-linux-ae5c682113f9f94cc5e76f92cf041ee624c173ee.zip |
netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max
The helper->expect_class_max must be set to the total number of
expect_policy minus 1, since we will use the statement "if (class >
helper->expect_class_max)" to validate the CTA_EXPECT_CLASS attr in
ctnetlink_alloc_expect.
So for compatibility, set the helper->expect_class_max to the
NFCTH_POLICY_SET_NUM attr's value minus 1.
Also: it's invalid when the NFCTH_POLICY_SET_NUM attr's value is zero.
1. this will result "expect_policy = kzalloc(0, GFP_KERNEL);";
2. we cannot set the helper->expect_class_max to a proper value.
So if nla_get_be32(tb[NFCTH_POLICY_SET_NUM]) is zero, report -EINVAL to
the userspace.
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nft_nat.c')
0 files changed, 0 insertions, 0 deletions