diff options
| author | Phil Turnbull <phil.turnbull@oracle.com> | 2016-05-27 13:34:04 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-05-30 06:21:23 -0400 |
| commit | eaa2bcd6d1d410a52df8c7b05e76d86c0319b7b0 (patch) | |
| tree | bfe420585bb687c2f58e916438aa4c8bee0a30c8 /net | |
| parent | 83170f3beccccd7ceb4f9a0ac0c4dc736afde90c (diff) | |
netfilter: nf_tables: validate NFTA_SET_TABLE parameter
If the NFTA_SET_TABLE parameter is missing and the NLM_F_DUMP flag is
not set, then a NULL pointer dereference is triggered in
nf_tables_set_lookup because ctx.table is NULL.
Signed-off-by: Phil Turnbull <phil.turnbull@oracle.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 2011977cd79d..6947e255cdd8 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c | |||
| @@ -2641,6 +2641,8 @@ static int nf_tables_getset(struct net *net, struct sock *nlsk, | |||
| 2641 | /* Only accept unspec with dump */ | 2641 | /* Only accept unspec with dump */ |
| 2642 | if (nfmsg->nfgen_family == NFPROTO_UNSPEC) | 2642 | if (nfmsg->nfgen_family == NFPROTO_UNSPEC) |
| 2643 | return -EAFNOSUPPORT; | 2643 | return -EAFNOSUPPORT; |
| 2644 | if (!nla[NFTA_SET_TABLE]) | ||
| 2645 | return -EINVAL; | ||
| 2644 | 2646 | ||
| 2645 | set = nf_tables_set_lookup(ctx.table, nla[NFTA_SET_NAME]); | 2647 | set = nf_tables_set_lookup(ctx.table, nla[NFTA_SET_NAME]); |
| 2646 | if (IS_ERR(set)) | 2648 | if (IS_ERR(set)) |