diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-06-27 12:51:39 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-06-30 05:44:24 -0400 |
| commit | 63283dd21ed2bf25a71909a820ed3e8fe412e15d (patch) | |
| tree | 4ea57690fa3009f5737fbab3385b595f518844c1 /net | |
| parent | e940f5d6ba6a01f8dbb870854d5205d322452730 (diff) | |
netfilter: nf_tables: skip transaction if no update flags in tables
Skip transaction handling for table updates with no changes in
the flags. This fixes a crash when passing the table flag with all
bits unset.
Reported-by: Ana Rey <anarey@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index ab4566cfcbe4..da5dc37a7402 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c | |||
| @@ -407,6 +407,9 @@ static int nf_tables_updtable(struct nft_ctx *ctx) | |||
| 407 | if (flags & ~NFT_TABLE_F_DORMANT) | 407 | if (flags & ~NFT_TABLE_F_DORMANT) |
| 408 | return -EINVAL; | 408 | return -EINVAL; |
| 409 | 409 | ||
| 410 | if (flags == ctx->table->flags) | ||
| 411 | return 0; | ||
| 412 | |||
| 410 | trans = nft_trans_alloc(ctx, NFT_MSG_NEWTABLE, | 413 | trans = nft_trans_alloc(ctx, NFT_MSG_NEWTABLE, |
| 411 | sizeof(struct nft_trans_table)); | 414 | sizeof(struct nft_trans_table)); |
| 412 | if (trans == NULL) | 415 | if (trans == NULL) |