Fix the direct assignment from u32 data input into the len attribute with a size of u8. Signed-off-by: Laura Garcia Liebana <nevola@xxxxxxxxx> --- net/netfilter/nft_bitwise.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c index d71cc18..2c49f69 100644 --- a/net/netfilter/nft_bitwise.c +++ b/net/netfilter/nft_bitwise.c @@ -53,6 +53,7 @@ static int nft_bitwise_init(const struct nft_ctx *ctx, struct nft_bitwise *priv = nft_expr_priv(expr); struct nft_data_desc d1, d2; int err; + u32 len; if (tb[NFTA_BITWISE_SREG] == NULL || tb[NFTA_BITWISE_DREG] == NULL || @@ -61,7 +62,11 @@ static int nft_bitwise_init(const struct nft_ctx *ctx, tb[NFTA_BITWISE_XOR] == NULL) return -EINVAL; - priv->len = ntohl(nla_get_be32(tb[NFTA_BITWISE_LEN])); + len = ntohl(nla_get_be32(tb[NFTA_BITWISE_LEN])); + if (len > U8_MAX) + return -EINVAL; + priv->len = len; + priv->sreg = nft_parse_register(tb[NFTA_BITWISE_SREG]); err = nft_validate_register_load(priv->sreg, priv->len); if (err < 0) -- 2.8.1 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
