From: Joao Moreira <joao.moreira@xxxxxxxxx> In nft_flow_rule_create function, num_actions is a signed integer. Yet, it is processed within a loop which increments its value. To prevent an overflow from occurring, check if num_actions is not only equal to 0, but also not negative. After checking with maintainers, it was mentioned that front-end will cap the num_actions vlaue and that it is not possible to reach such condition for an overflow. Yet, for correctness, it is still better to fix this. Signed-off-by: Joao Moreira <joao.moreira@xxxxxxxxx> --- net/netfilter/nf_tables_offload.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c index 12ab78fa5d84..20dbc95de895 100644 --- a/net/netfilter/nf_tables_offload.c +++ b/net/netfilter/nf_tables_offload.c @@ -102,7 +102,7 @@ struct nft_flow_rule *nft_flow_rule_create(struct net *net, expr = nft_expr_next(expr); } - if (num_actions == 0) + if (num_actions <= 0) return ERR_PTR(-EOPNOTSUPP); flow = nft_flow_rule_alloc(num_actions); -- 2.41.0
