netfilter: nft_meta: fix lack of validation of the input register

We have to validate that the input register is in the range of
allowed registers, otherwise we can take a incorrect register
value as input that may lead us to a crash.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c
index b43975a43309597d23c9a5301b5c9e9fa2dd419f..e8254ad2e5a9f37e84694293c8ba4069b5e5f35e 100644 (file)
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
@@ -239,6 +239,9 @@ static int nft_meta_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
                return err;
 
        priv->sreg = ntohl(nla_get_be32(tb[NFTA_META_SREG]));
+       err = nft_validate_input_register(priv->sreg);
+       if (err < 0)
+               return err;
 
        return 0;
 }