Commit eaa2bcd6 authored by Phil Turnbull's avatar Phil Turnbull Committed by Pablo Neira Ayuso

netfilter: nf_tables: validate NFTA_SET_TABLE parameter

If the NFTA_SET_TABLE parameter is missing and the NLM_F_DUMP flag is
not set, then a NULL pointer dereference is triggered in
nf_tables_set_lookup because ctx.table is NULL.
Signed-off-by: default avatarPhil Turnbull <phil.turnbull@oracle.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 83170f3b
...@@ -2641,6 +2641,8 @@ static int nf_tables_getset(struct net *net, struct sock *nlsk, ...@@ -2641,6 +2641,8 @@ static int nf_tables_getset(struct net *net, struct sock *nlsk,
/* Only accept unspec with dump */ /* Only accept unspec with dump */
if (nfmsg->nfgen_family == NFPROTO_UNSPEC) if (nfmsg->nfgen_family == NFPROTO_UNSPEC)
return -EAFNOSUPPORT; return -EAFNOSUPPORT;
if (!nla[NFTA_SET_TABLE])
return -EINVAL;
set = nf_tables_set_lookup(ctx.table, nla[NFTA_SET_NAME]); set = nf_tables_set_lookup(ctx.table, nla[NFTA_SET_NAME]);
if (IS_ERR(set)) if (IS_ERR(set))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment