netfilter: nft_log: check the validity of log level
A user can specify a log level larger than 7 (the debug level) via nfnetlink, which is invalid. In this case, we should report EINVAL to userspace. Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent
c2d9a4293c
commit
1bc4e0136c
|
@ -79,6 +79,11 @@ static int nft_log_init(const struct nft_ctx *ctx,
|
|||
} else {
|
||||
li->u.log.level = LOGLEVEL_WARNING;
|
||||
}
|
||||
if (li->u.log.level > LOGLEVEL_DEBUG) {
|
||||
err = -EINVAL;
|
||||
goto err1;
|
||||
}
|
||||
|
||||
if (tb[NFTA_LOG_FLAGS] != NULL) {
|
||||
li->u.log.logflags =
|
||||
ntohl(nla_get_be32(tb[NFTA_LOG_FLAGS]));
|
||||
|
|
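Review bot: The flags value stored by `li->u.log.logflags = ntohl(nla_get_be32(tb[NFTA_LOG_FLAGS]));` comes from the same netlink message as the level but gets no range check in the visible lines, so unknown flag bits would be accepted silently unless a check follows outside the hunk (the body of nft_log_init continues on both sides of it). A matching guard after that assignment would be `if (li->u.log.logflags & ~NF_LOG_MASK) { err = -EINVAL; goto err1; }`, assuming NF_LOG_MASK is in scope in this file. Separately, the new `> LOGLEVEL_DEBUG` test reads the stored field and not the raw attribute. If `level` is narrower than the 32-bit attribute (its declaration is not shown here), an oversized value could truncate into the valid range and pass, so the comparison is safer on the `ntohl(nla_get_be32(...))` result before it is stored.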