projects / linux-2.6-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0617c3d) | patch
netfilter: nf_tables: validate .maxattr at expression registration
authorPablo Neira Ayuso <pablo@netfilter.org>
Sat, 6 Jan 2024 22:52:02 +0000 (23:52 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 17 Jan 2024 11:02:46 +0000 (12:02 +0100)
commit65b3bd600e15e00fb9e433bbc8aa55e42b202055
treea6b3f3c4e36c111049127d4fc8b0da356835371btree | snapshot
parent0617c3de9b4026b87be12b0cb5c35f42c7c66fcbcommit | diff
netfilter: nf_tables: validate .maxattr at expression registration

struct nft_expr_info allows to store up to NFT_EXPR_MAXATTR (16)
attributes when parsing netlink attributes.

Rise a warning in case there is ever a nft expression whose .maxattr
goes beyond this number of expressions, in such case, struct nft_expr_info
needs to be updated.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_tables_api.c diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)