netfilter: nft_exthdr: Add size check on u8 nft_exthdr attributes
Fix the direct assignment of offset and length attributes included in nft_exthdr structure from u32 data to u8. Signed-off-by: Laura Garcia Liebana <nevola@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
aa0c2c68ab
commit
4da449ae1d
|
@ -59,6 +59,7 @@ static int nft_exthdr_init(const struct nft_ctx *ctx,
|
|||
const struct nlattr * const tb[])
|
||||
{
|
||||
struct nft_exthdr *priv = nft_expr_priv(expr);
|
||||
u32 offset, len;
|
||||
|
||||
if (tb[NFTA_EXTHDR_DREG] == NULL ||
|
||||
tb[NFTA_EXTHDR_TYPE] == NULL ||
|
||||
|
@ -66,9 +67,15 @@ static int nft_exthdr_init(const struct nft_ctx *ctx,
|
|||
tb[NFTA_EXTHDR_LEN] == NULL)
|
||||
return -EINVAL;
|
||||
|
||||
offset = ntohl(nla_get_be32(tb[NFTA_EXTHDR_OFFSET]));
|
||||
len = ntohl(nla_get_be32(tb[NFTA_EXTHDR_LEN]));
|
||||
|
||||
if (offset > U8_MAX || len > U8_MAX)
|
||||
return -ERANGE;
|
||||
|
||||
priv->type = nla_get_u8(tb[NFTA_EXTHDR_TYPE]);
|
||||
priv->offset = ntohl(nla_get_be32(tb[NFTA_EXTHDR_OFFSET]));
|
||||
priv->len = ntohl(nla_get_be32(tb[NFTA_EXTHDR_LEN]));
|
||||
priv->offset = offset;
|
||||
priv->len = len;
|
||||
priv->dreg = nft_parse_register(tb[NFTA_EXTHDR_DREG]);
|
||||
|
||||
return nft_validate_register_store(ctx, priv->dreg, NULL,
|
||||
|
|
Loading…
Reference in New Issue