Hi!

> From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
>
> commit 826035498ec14b77b62a44f0cb6b94d45530db6f upstream.
>
> This new helper function validates that unknown family and chain type
> coming from userspace do not trigger an out-of-bound array access. Bail
> out in case __nft_chain_type_get() returns NULL from
> nft_chain_parse_hook().

> +++ b/net/netfilter/nf_tables_api.c
> @@ -472,14 +472,27 @@ static inline u64 nf_tables_alloc_handle
>  static const struct nft_chain_type *chain_type[NFPROTO_NUMPROTO][NFT_CHAIN_T_MAX];
>  
>  static const struct nft_chain_type *
> +__nft_chain_type_get(u8 family, enum nft_chain_types type)
> +{
> +	if (family >= NFPROTO_NUMPROTO ||
> +	    type >= NFT_CHAIN_T_MAX)
> +		return NULL;
> +
> +	return chain_type[family][type];
> +}

Are enum types guaranteed to be unsigned on all compilers we care about?
Google says they can be signed, too.

So, should the test be "((unsigned int) type) >= ..." ?

Best regards,
								Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
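Review bot: the `type >= NFT_CHAIN_T_MAX` test in `__nft_chain_type_get()` relies on `enum nft_chain_types` having an unsigned underlying type, which the C standard leaves implementation-defined; on a compiler that picks a signed type, a negative `type` passes the test and `chain_type[family][type]` reads before the start of the row. The `family` half is unambiguous because `u8` is unsigned. GCC and clang use `unsigned int` for an enum with no negative enumerators, so the check holds on the kernel's supported compilers, but either `(unsigned int)type >= NFT_CHAIN_T_MAX` or a one-line comment stating that assumption would make the bound independent of the compiler's choice. The `nft_chain_parse_hook()` call site that is supposed to bail out on a NULL return is not in the quoted hunk, so the second half of the commit message cannot be checked here.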
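An added C example, not the kernel's code and not part of this e-mail, that models the bounds check from the quoted hunk. The macro values, the enumerator layout and the two `accepted_*` helpers are stand-ins chosen for the demonstration; the point is how the comparison behaves when `type` is held in a signed integer (the case Pavel asks about) versus after the suggested cast to `unsigned int`. The helpers only report whether the check would accept a value; they never perform the index, since a negative index would be undefined behaviour.

```c
#include <stdbool.h>
#include <stdio.h>

/* Stand-ins for the kernel's table dimensions (assumed values, demo only). */
#define NFPROTO_NUMPROTO 13

/* Modelled on the kernel enum: no negative enumerators, NFT_CHAIN_T_MAX last. */
enum nft_chain_types {
	NFT_CHAIN_T_DEFAULT = 0,
	NFT_CHAIN_T_ROUTE,
	NFT_CHAIN_T_NAT,
	NFT_CHAIN_T_MAX,
};

/*
 * Report whether this compiler gave enum nft_chain_types a signed
 * underlying type. The C standard leaves that implementation-defined;
 * GCC and clang choose unsigned int when no enumerator is negative.
 */
bool enum_is_signed(void)
{
	enum nft_chain_types t = (enum nft_chain_types)-1;
	return t < 0;
}

/*
 * The comparison as written in the hunk, with `type` held in a signed int
 * to model an implementation that makes the enum signed. Returns true when
 * the check would accept the value and go on to index chain_type[][].
 */
bool accepted_as_posted(unsigned char family, int type)
{
	if (family >= NFPROTO_NUMPROTO || type >= NFT_CHAIN_T_MAX)
		return false;
	return true;
}

/*
 * The same check with the cast Pavel suggests: a negative value converts
 * to a large unsigned value and is rejected regardless of enum signedness.
 */
bool accepted_with_cast(unsigned char family, int type)
{
	if (family >= NFPROTO_NUMPROTO || (unsigned int)type >= NFT_CHAIN_T_MAX)
		return false;
	return true;
}

int main(void)
{
	printf("enum nft_chain_types is %s on this compiler\n",
	       enum_is_signed() ? "signed" : "unsigned");
	printf("type=-1, check as posted (signed model): %s\n",
	       accepted_as_posted(2, -1) ? "accepted -> out-of-bounds index" : "rejected");
	printf("type=-1, check with cast:                %s\n",
	       accepted_with_cast(2, -1) ? "accepted" : "rejected");
	printf("family=%d, type=0, check with cast:      %s\n", NFPROTO_NUMPROTO,
	       accepted_with_cast(NFPROTO_NUMPROTO, 0) ? "accepted" : "rejected");
	return 0;
}
```

Compile with `gcc -Wall demo.c && ./a.out`; the first line tells you which underlying type your compiler picked, and the next two show that only the cast form rejects the negative value when the enum is treated as signed.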