diff options
| author | Patrick McHardy <kaber@trash.net> | 2015-03-21 11:19:16 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-03-22 14:50:35 -0400 |
| commit | 55df35d22fe3433032d82b8c67dfd283cb071953 (patch) | |
| tree | 62a1a23f2fac7b2451b0b0f2a8c6d9885e21d12e | |
| parent | 16c45eda96038aae848b6cfd42e2bf4b5e80f365 (diff) | |
netfilter: nf_tables: reject NFT_SET_ELEM_INTERVAL_END flag for non-interval sets
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index a072d8769b9b..f7e3371ce856 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c | |||
| @@ -3138,6 +3138,9 @@ static int nft_add_set_elem(struct nft_ctx *ctx, struct nft_set *set, | |||
| 3138 | elem.flags = ntohl(nla_get_be32(nla[NFTA_SET_ELEM_FLAGS])); | 3138 | elem.flags = ntohl(nla_get_be32(nla[NFTA_SET_ELEM_FLAGS])); |
| 3139 | if (elem.flags & ~NFT_SET_ELEM_INTERVAL_END) | 3139 | if (elem.flags & ~NFT_SET_ELEM_INTERVAL_END) |
| 3140 | return -EINVAL; | 3140 | return -EINVAL; |
| 3141 | if (!(set->flags & NFT_SET_INTERVAL) && | ||
| 3142 | elem.flags & NFT_SET_ELEM_INTERVAL_END) | ||
| 3143 | return -EINVAL; | ||
| 3141 | } | 3144 | } |
| 3142 | 3145 | ||
| 3143 | if (set->flags & NFT_SET_MAP) { | 3146 | if (set->flags & NFT_SET_MAP) { |