netfilter: nft_meta: fix lack of validation of the input register

We have to validate that the input register is in the range of allowed registers, otherwise we can take a incorrect register value as input that may lead us to a crash. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: nft_meta: fix lack of validation of the input register
We have to validate that the input register is in the range of allowed registers, otherwise we can take a incorrect register value as input that may lead us to a crash. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
b38895c5 · Pablo Neira Ayuso · c4ede3d3 · b38895c5
Commit b38895c5 authored Jan 09, 2014 by Pablo Neira Ayuso
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

net/netfilter/nft_meta.c net/netfilter/nft_meta.c +3 -0

No files found.
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
@@ -239,6 +239,9 @@ static int nft_meta_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
 		return err;
 	priv->sreg = ntohl(nla_get_be32(tb[NFTA_META_SREG]));
+	err = nft_validate_input_register(priv->sreg);
+	if (err < 0)
+		return err;
 	return 0;
 }