Message-Id: <1472394618-5711-1-git-send-email-fgao@ikuai8.com> Date: Sun, 28 Aug 2016 22:30:18 +0800 From: fgao@...ai8.com To: pablo@...filter.org, kaber@...sh.net, davem@...emloft.net, netfilter-devel@...r.kernel.org, coreteam@...filter.org, netdev@...r.kernel.org Cc: gfree.wind@...il.com, Gao Feng <fgao@...ai8.com> Subject: [PATCH nf-next] netfilter: log: Check param to avoid overflow in nf_log_set From: Gao Feng <fgao@...ai8.com> The nf_log_set is an interface function, so it should do the strict sanity check of parameters. Add one sanity check for pf, it could not exceed NFPROTO_NUMPROTO, and print error log when pf is invalid. Signed-off-by: Gao Feng <fgao@...ai8.com> --- net/netfilter/nf_log.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c index aa5847a..02ce0b9 100644 --- a/net/netfilter/nf_log.c +++ b/net/netfilter/nf_log.c @@ -43,8 +43,10 @@ void nf_log_set(struct net *net, u_int8_t pf, const struct nf_logger *logger) { const struct nf_logger *log; - if (pf == NFPROTO_UNSPEC) + if (pf == NFPROTO_UNSPEC || pf >= NFPROTO_NUMPROTO) { + pr_err("Wrong pf(%d) for nf log", pf); return; + } mutex_lock(&nf_log_mutex); log = nft_log_dereference(net->nf.nf_loggers[pf]); -- 1.9.1
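Review bot: the pr_err() format string in the new branch of nf_log_set() has no trailing newline, so the message can be merged with whatever is logged next; it should read pr_err("Wrong pf(%d) for nf log\n", pf). Since pf is declared u_int8_t, %u describes it more accurately than %d. Because the function returns void, a caller that passes an out-of-range pf gets no indication that the logger was not set. An invalid pf here is a caller bug rather than a runtime condition, so WARN_ON_ONCE(pf >= NFPROTO_NUMPROTO) would point at the offending caller with a stack trace, while a plain pr_err can be triggered repeatedly and does not identify the call site. The commit message would also be clearer if it stated that the value being protected is the index into net->nf.nf_loggers[pf], which is the only use of pf visible after the check.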