netfilter: nft_meta: fix lack of validation of the input register
We have to validate that the input register is in the range of allowed registers, otherwise we can take a incorrect register value as input that may lead us to a crash. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
c4ede3d382
commit
b38895c577
|
@ -239,6 +239,9 @@ static int nft_meta_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
|
|||
return err;
|
||||
|
||||
priv->sreg = ntohl(nla_get_be32(tb[NFTA_META_SREG]));
|
||||
err = nft_validate_input_register(priv->sreg);
|
||||
if (err < 0)
|
||||
return err;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue