Commit e7af210e authored by Florian Westphal's avatar Florian Westphal Committed by David S. Miller
Browse files

netfilter: nft_payload: reject out-of-range attributes via policy 



Now that nla_policy allows range checks for bigendian data make use of
this to reject such attributes.  At this time, reject happens later
from the init or select_ops callbacks, but its prone to errors.

In the future, new attributes can be handled via NLA_POLICY_MAX_BE
and exiting ones can be converted one by one.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 08724ef6

net/netfilter/nft_payload.c

+3 −3
Original line number Diff line number Diff line
@@ -173,10 +173,10 @@ static const struct nla_policy nft_payload_policy[NFTA_PAYLOAD_MAX + 1] = { 
	[NFTA_PAYLOAD_SREG]		= { .type = NLA_U32 },

	[NFTA_PAYLOAD_DREG]		= { .type = NLA_U32 },

	[NFTA_PAYLOAD_BASE]		= { .type = NLA_U32 },

	[NFTA_PAYLOAD_OFFSET]		= { .type = NLA_U32 },

	[NFTA_PAYLOAD_LEN]		= { .type = NLA_U32 },

	[NFTA_PAYLOAD_OFFSET]		= NLA_POLICY_MAX_BE(NLA_U32, 255),

	[NFTA_PAYLOAD_LEN]		= NLA_POLICY_MAX_BE(NLA_U32, 255),

	[NFTA_PAYLOAD_CSUM_TYPE]	= { .type = NLA_U32 },

	[NFTA_PAYLOAD_CSUM_OFFSET]	= { .type = NLA_U32 },

	[NFTA_PAYLOAD_CSUM_OFFSET]	= NLA_POLICY_MAX_BE(NLA_U32, 255),

	[NFTA_PAYLOAD_CSUM_FLAGS]	= { .type = NLA_U32 },

};