diff options
| author | Tim Gardner <tim.gardner@canonical.com> | 2010-03-17 11:18:56 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-03-17 11:18:56 -0400 |
| commit | 606a9a02633c02d0e09fc96706f041053dbc57ee (patch) | |
| tree | 815148645d417a184479d9b83813c53441809e59 | |
| parent | 0079c5aee34880bcee7feee9960f0502c73dc5fa (diff) | |
netfilter: xt_recent: check for unsupported user space flags
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
| -rw-r--r-- | include/linux/netfilter/xt_recent.h | 3 | ||||
| -rw-r--r-- | net/netfilter/xt_recent.c | 5 |
2 files changed, 8 insertions, 0 deletions
diff --git a/include/linux/netfilter/xt_recent.h b/include/linux/netfilter/xt_recent.h index bba990ecb018..83318e01425e 100644 --- a/include/linux/netfilter/xt_recent.h +++ b/include/linux/netfilter/xt_recent.h | |||
| @@ -20,6 +20,9 @@ enum { | |||
| 20 | /* Only allowed with --rcheck and --update */ | 20 | /* Only allowed with --rcheck and --update */ |
| 21 | #define XT_RECENT_MODIFIERS (XT_RECENT_TTL|XT_RECENT_REAP) | 21 | #define XT_RECENT_MODIFIERS (XT_RECENT_TTL|XT_RECENT_REAP) |
| 22 | 22 | ||
| 23 | #define XT_RECENT_VALID_FLAGS (XT_RECENT_CHECK|XT_RECENT_SET|XT_RECENT_UPDATE|\ | ||
| 24 | XT_RECENT_REMOVE|XT_RECENT_TTL|XT_RECENT_REAP) | ||
| 25 | |||
| 23 | struct xt_recent_mtinfo { | 26 | struct xt_recent_mtinfo { |
| 24 | __u32 seconds; | 27 | __u32 seconds; |
| 25 | __u32 hit_count; | 28 | __u32 hit_count; |
diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c index b65eca9e13a3..d2e7c80cd3c3 100644 --- a/net/netfilter/xt_recent.c +++ b/net/netfilter/xt_recent.c | |||
| @@ -319,6 +319,11 @@ static bool recent_mt_check(const struct xt_mtchk_param *par) | |||
| 319 | get_random_bytes(&hash_rnd, sizeof(hash_rnd)); | 319 | get_random_bytes(&hash_rnd, sizeof(hash_rnd)); |
| 320 | hash_rnd_inited = true; | 320 | hash_rnd_inited = true; |
| 321 | } | 321 | } |
| 322 | if (info->check_set & ~XT_RECENT_VALID_FLAGS) { | ||
| 323 | pr_info(KBUILD_MODNAME ": Unsupported user space flags " | ||
| 324 | "(%08x)\n", info->check_set); | ||
| 325 | return false; | ||
| 326 | } | ||
| 322 | if (hweight8(info->check_set & | 327 | if (hweight8(info->check_set & |
| 323 | (XT_RECENT_SET | XT_RECENT_REMOVE | | 328 | (XT_RECENT_SET | XT_RECENT_REMOVE | |
| 324 | XT_RECENT_CHECK | XT_RECENT_UPDATE)) != 1) | 329 | XT_RECENT_CHECK | XT_RECENT_UPDATE)) != 1) |