From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Sanitize nf_logger_find_get() input parameters, no caller in the tree passes invalid values. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Signed-off-by: Florian Westphal <fw@xxxxxxxxx> --- net/netfilter/nf_log.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c index e0bfeb75766f..370f8231385c 100644 --- a/net/netfilter/nf_log.c +++ b/net/netfilter/nf_log.c @@ -156,6 +156,11 @@ int nf_logger_find_get(int pf, enum nf_log_type type) struct nf_logger *logger; int ret = -ENOENT; + if (pf >= ARRAY_SIZE(loggers)) + return -EINVAL; + if (type >= NF_LOG_TYPE_MAX) + return -EINVAL; + if (pf == NFPROTO_INET) { ret = nf_logger_find_get(NFPROTO_IPV4, type); if (ret < 0) -- 2.43.0