Although init path validates that store does not go over the register boundaries, the eval loop iterates over length / size to perform the byteorder swap. Make sure length is a multiple of size, otherwise userspace is buggy. Fixes: 96518518cc41 ("netfilter: add nftables") Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- net/netfilter/nft_byteorder.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/netfilter/nft_byteorder.c b/net/netfilter/nft_byteorder.c index f6e791a68101..8cf91e47fd7a 100644 --- a/net/netfilter/nft_byteorder.c +++ b/net/netfilter/nft_byteorder.c @@ -139,6 +139,9 @@ static int nft_byteorder_init(const struct nft_ctx *ctx, priv->len = len; + if (len % size != 0) + return -EINVAL; + err = nft_parse_register_load(tb[NFTA_BYTEORDER_SREG], &priv->sreg, priv->len); if (err < 0) -- 2.30.2
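Review bot: The new `len % size != 0` test in nft_byteorder_init is placed right after `priv->len = len;`, and the visible context does not show `size` having been validated as non-zero before this point. If that validation is not earlier in the function, the modulo divides by zero on userspace-supplied input, so confirm the ordering or move the check below the size validation. A short comment above the check saying that the eval loop walks length / size elements would also make the reason for returning -EINVAL clear without having to read the commit message.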