Commit 09525a09 authored by Dan Carpenter's avatar Dan Carpenter Committed by Pablo Neira Ayuso

netfilter: nf_tables: underflow in nft_parse_u32_check()

We don't want to allow negatives here.

Fixes: 36b701fa ('netfilter: nf_tables: validate maximum value of u32 netlink attributes')
Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 5751e175
...@@ -4423,7 +4423,7 @@ static int nf_tables_check_loops(const struct nft_ctx *ctx, ...@@ -4423,7 +4423,7 @@ static int nf_tables_check_loops(const struct nft_ctx *ctx,
*/ */
unsigned int nft_parse_u32_check(const struct nlattr *attr, int max, u32 *dest) unsigned int nft_parse_u32_check(const struct nlattr *attr, int max, u32 *dest)
{ {
int val; u32 val;
val = ntohl(nla_get_be32(attr)); val = ntohl(nla_get_be32(attr));
if (val > max) if (val > max)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment