netfilter: nft_hash: validate maximum value of u32 netlink hash attribute

Use the function nft_parse_u32_check() to fetch the value and validate the u32 attribute into the hash len u8 field. This patch revisits 4da449ae1df9 ("netfilter: nft_exthdr: Add size check on u8 nft_exthdr attributes"). Fixes: cb1b69b0b15b ("netfilter: nf_tables: add hash expression") Signed-off-by: Laura Garcia Liebana <nevola@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Laura Garcia Liebana <nevola@gmail.com> 2016-11-14 16:33:34 -0500
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2016-11-24 08:40:03 -0500
commit: abd66e9f3cc50c9c3ba4cf609749374090a2f215 (patch)
tree: e9266a52b4af3fda805bbbb04a466fab69f4c8b9 /net
parent: 486dcf43da7815baa615822f3e46883ccca5400f (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c
index baf694de3935..d5447a22275c 100644
--- a/net/netfilter/nft_hash.c
+++ b/net/netfilter/nft_hash.c
@@ -53,6 +53,7 @@ static int nft_hash_init(const struct nft_ctx *ctx,
 {
        struct nft_hash *priv = nft_expr_priv(expr);
        u32 len;
+        int err;
        if (!tb[NFTA_HASH_SREG] ||
            !tb[NFTA_HASH_DREG] ||
@@ -67,8 +68,10 @@ static int nft_hash_init(const struct nft_ctx *ctx,
        priv->sreg = nft_parse_register(tb[NFTA_HASH_SREG]);
        priv->dreg = nft_parse_register(tb[NFTA_HASH_DREG]);
-        len = ntohl(nla_get_be32(tb[NFTA_HASH_LEN]));
+        err = nft_parse_u32_check(tb[NFTA_HASH_LEN], U8_MAX, &len);
-        if (len == 0 || len > U8_MAX)
+        if (err < 0)
+                return err;
+        if (len == 0)
                return -ERANGE;
        priv->len = len;
author	Laura Garcia Liebana <nevola@gmail.com>	2016-11-14 16:33:34 -0500
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2016-11-24 08:40:03 -0500
commit	abd66e9f3cc50c9c3ba4cf609749374090a2f215 (patch)
tree	e9266a52b4af3fda805bbbb04a466fab69f4c8b9 /net
parent	486dcf43da7815baa615822f3e46883ccca5400f (diff)