diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-10-07 13:02:11 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-10-07 14:16:31 -0400 |
| commit | f0d1f04f0a2f662b6b617e24d115fddcf6ef8723 (patch) | |
| tree | 32d914b7f1baa5a5d5c01936616425226143c234 /net | |
| parent | 91c1a09b33c902e20e09d9742560cc238a714de5 (diff) | |
netfilter: fix wrong arithmetics regarding NFT_REJECT_ICMPX_MAX
NFT_REJECT_ICMPX_MAX should be __NFT_REJECT_ICMPX_MAX - 1.
nft_reject_icmp_code() and nft_reject_icmpv6_code() are called from the
packet path, so BUG_ON in case we try to access an unknown abstracted
ICMP code. This should not happen since we already validate this from
nft_reject_{inet,bridge}_init().
Fixes: 51b0a5d ("netfilter: nft_reject: introduce icmp code abstraction for inet and bridge")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/nft_reject.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/net/netfilter/nft_reject.c b/net/netfilter/nft_reject.c index ec8a456092a7..57d3e1af5630 100644 --- a/net/netfilter/nft_reject.c +++ b/net/netfilter/nft_reject.c | |||
| @@ -72,7 +72,7 @@ nla_put_failure: | |||
| 72 | } | 72 | } |
| 73 | EXPORT_SYMBOL_GPL(nft_reject_dump); | 73 | EXPORT_SYMBOL_GPL(nft_reject_dump); |
| 74 | 74 | ||
| 75 | static u8 icmp_code_v4[NFT_REJECT_ICMPX_MAX] = { | 75 | static u8 icmp_code_v4[NFT_REJECT_ICMPX_MAX + 1] = { |
| 76 | [NFT_REJECT_ICMPX_NO_ROUTE] = ICMP_NET_UNREACH, | 76 | [NFT_REJECT_ICMPX_NO_ROUTE] = ICMP_NET_UNREACH, |
| 77 | [NFT_REJECT_ICMPX_PORT_UNREACH] = ICMP_PORT_UNREACH, | 77 | [NFT_REJECT_ICMPX_PORT_UNREACH] = ICMP_PORT_UNREACH, |
| 78 | [NFT_REJECT_ICMPX_HOST_UNREACH] = ICMP_HOST_UNREACH, | 78 | [NFT_REJECT_ICMPX_HOST_UNREACH] = ICMP_HOST_UNREACH, |
| @@ -81,8 +81,7 @@ static u8 icmp_code_v4[NFT_REJECT_ICMPX_MAX] = { | |||
| 81 | 81 | ||
| 82 | int nft_reject_icmp_code(u8 code) | 82 | int nft_reject_icmp_code(u8 code) |
| 83 | { | 83 | { |
| 84 | if (code > NFT_REJECT_ICMPX_MAX) | 84 | BUG_ON(code > NFT_REJECT_ICMPX_MAX); |
| 85 | return -EINVAL; | ||
| 86 | 85 | ||
| 87 | return icmp_code_v4[code]; | 86 | return icmp_code_v4[code]; |
| 88 | } | 87 | } |
| @@ -90,7 +89,7 @@ int nft_reject_icmp_code(u8 code) | |||
| 90 | EXPORT_SYMBOL_GPL(nft_reject_icmp_code); | 89 | EXPORT_SYMBOL_GPL(nft_reject_icmp_code); |
| 91 | 90 | ||
| 92 | 91 | ||
| 93 | static u8 icmp_code_v6[NFT_REJECT_ICMPX_MAX] = { | 92 | static u8 icmp_code_v6[NFT_REJECT_ICMPX_MAX + 1] = { |
| 94 | [NFT_REJECT_ICMPX_NO_ROUTE] = ICMPV6_NOROUTE, | 93 | [NFT_REJECT_ICMPX_NO_ROUTE] = ICMPV6_NOROUTE, |
| 95 | [NFT_REJECT_ICMPX_PORT_UNREACH] = ICMPV6_PORT_UNREACH, | 94 | [NFT_REJECT_ICMPX_PORT_UNREACH] = ICMPV6_PORT_UNREACH, |
| 96 | [NFT_REJECT_ICMPX_HOST_UNREACH] = ICMPV6_ADDR_UNREACH, | 95 | [NFT_REJECT_ICMPX_HOST_UNREACH] = ICMPV6_ADDR_UNREACH, |
| @@ -99,8 +98,7 @@ static u8 icmp_code_v6[NFT_REJECT_ICMPX_MAX] = { | |||
| 99 | 98 | ||
| 100 | int nft_reject_icmpv6_code(u8 code) | 99 | int nft_reject_icmpv6_code(u8 code) |
| 101 | { | 100 | { |
| 102 | if (code > NFT_REJECT_ICMPX_MAX) | 101 | BUG_ON(code > NFT_REJECT_ICMPX_MAX); |
| 103 | return -EINVAL; | ||
| 104 | 102 | ||
| 105 | return icmp_code_v6[code]; | 103 | return icmp_code_v6[code]; |
| 106 | } | 104 | } |