[PATCH 2/2] Ensure num_actions is not a negative

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Joao Moreira <joao.moreira@xxxxxxxxx>

In nft_flow_rule_create function, num_actions is a signed integer. Yet,
it is processed within a loop which increments its value. To prevent an
overflow from occurring, check if num_actions is not only equal to 0,
but also not negative.

After checking with maintainers, it was mentioned that front-end will
cap the num_actions vlaue and that it is not possible to reach such
condition for an overflow. Yet, for correctness, it is still better to
fix this.

Signed-off-by: Joao Moreira <joao.moreira@xxxxxxxxx>
---
 net/netfilter/nf_tables_offload.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c
index 12ab78fa5d84..20dbc95de895 100644
--- a/net/netfilter/nf_tables_offload.c
+++ b/net/netfilter/nf_tables_offload.c
@@ -102,7 +102,7 @@ struct nft_flow_rule *nft_flow_rule_create(struct net *net,
 		expr = nft_expr_next(expr);
 	}
 
-	if (num_actions == 0)
+	if (num_actions <= 0)
 		return ERR_PTR(-EOPNOTSUPP);
 
 	flow = nft_flow_rule_alloc(num_actions);
-- 
2.41.0




[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux