diff options
| author | Patrick McHardy <kaber@trash.net> | 2015-04-10 21:27:26 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-04-13 10:25:49 -0400 |
| commit | 45d9bcda21f4c13be75e3571b0f0ef39e77934b5 (patch) | |
| tree | 54312412f1a9253360db901877e8b51991777562 /include/net | |
| parent | e60a9de49c3744aa44128eaaed3aca965911ca2e (diff) | |
netfilter: nf_tables: validate len in nft_validate_data_load()
For values spanning multiple registers, we need to validate that enough
space is available from the destination register onwards. Add a len
argument to nft_validate_data_load() and consolidate the existing length
validations in preparation of that.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net')
| -rw-r--r-- | include/net/netfilter/nf_tables.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index d6a2f0ed5130..f491243ff58b 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h | |||
| @@ -116,7 +116,7 @@ int nft_validate_input_register(enum nft_registers reg); | |||
| 116 | int nft_validate_output_register(enum nft_registers reg); | 116 | int nft_validate_output_register(enum nft_registers reg); |
| 117 | int nft_validate_data_load(const struct nft_ctx *ctx, enum nft_registers reg, | 117 | int nft_validate_data_load(const struct nft_ctx *ctx, enum nft_registers reg, |
| 118 | const struct nft_data *data, | 118 | const struct nft_data *data, |
| 119 | enum nft_data_types type); | 119 | enum nft_data_types type, unsigned int len); |
| 120 | 120 | ||
| 121 | 121 | ||
| 122 | /** | 122 | /** |