Commit e31f072f authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso

netfilter: nf_tables: do not allow to delete table with owner by handle



nft_table_lookup_byhandle() also needs to validate the netlink PortID
owner when deleting a table by handle.

Fixes: 6001a930 ("netfilter: nftables: introduce table ownership")
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 53479909
+9 −3
@@ -583,7 +583,7 @@ static struct nft_table *nft_table_lookup(const struct net *net,

static struct nft_table *nft_table_lookup_byhandle(const struct net *net,
						   const struct nlattr *nla,
						   u8 genmask)
						   u8 genmask, u32 nlpid)
{
	struct nftables_pernet *nft_net;
	struct nft_table *table;
@@ -591,9 +591,14 @@ static struct nft_table *nft_table_lookup_byhandle(const struct net *net,
	nft_net = nft_pernet(net);
	list_for_each_entry(table, &nft_net->tables, list) {
		if (be64_to_cpu(nla_get_be64(nla)) == table->handle &&
		    nft_active_genmask(table, genmask))
		    nft_active_genmask(table, genmask)) {
			if (nft_table_has_owner(table) &&
			    nlpid && table->nlpid != nlpid)
				return ERR_PTR(-EPERM);

			return table;
		}
	}

	return ERR_PTR(-ENOENT);
}
@@ -1279,7 +1284,8 @@ static int nf_tables_deltable(struct sk_buff *skb, const struct nfnl_info *info,

	if (nla[NFTA_TABLE_HANDLE]) {
		attr = nla[NFTA_TABLE_HANDLE];
		table = nft_table_lookup_byhandle(net, attr, genmask);
		table = nft_table_lookup_byhandle(net, attr, genmask,
						  NETLINK_CB(skb).portid);
	} else {
		attr = nla[NFTA_TABLE_NAME];
		table = nft_table_lookup(net, attr, family, genmask,