[NETFILTER]: check nf_log function call arguments

Check whether pf is too large in order to prevent array overflow.

Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

2 files changed, 10 insertions, 2 deletions

diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index bf430fcbe364..ac3c61411d4b 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -157,7 +157,7 @@ struct nf_logger {
 
 /* Function to register/unregister log function. */
 int nf_log_register(int pf, struct nf_logger *logger);
-void nf_log_unregister_pf(int pf);
+int nf_log_unregister_pf(int pf);
 void nf_log_unregister_logger(struct nf_logger *logger);
 
 /* Calls the registered backend logging function */
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index e104760f7a67..573e76a770d9 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -24,6 +24,9 @@ int nf_log_register(int pf, struct nf_logger *logger)
 {
         int ret = -EBUSY;
 
+        if (pf >= NPROTO)
+                return -EINVAL;
+
         /* Any setup of logging members must be done before
          * substituting pointer. */
         spin_lock(&nf_log_lock);
@@ -38,14 +41,19 @@ int nf_log_register(int pf, struct nf_logger *logger)
 }               
 EXPORT_SYMBOL(nf_log_register);
 
-void nf_log_unregister_pf(int pf)
+int nf_log_unregister_pf(int pf)
 {
+        if (pf >= NPROTO)
+                return -EINVAL;
+
         spin_lock(&nf_log_lock);
         nf_logging[pf] = NULL;
         spin_unlock(&nf_log_lock);
 
         /* Give time to concurrent readers. */
         synchronize_net();
+
+        return 0;
 }
 EXPORT_SYMBOL(nf_log_unregister_pf);