[NETFILTER]: check nf_log function call arguments

Check whether pf is too large in order to prevent array overflow. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-09 20:23:53 -07:00 · 2005-08-09 20:23:53 -07:00 · 8a61fadb39
parent d72367b6f3
commit 8a61fadb39
2 changed files with 10 additions and 2 deletions
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@ -157,7 +157,7 @@ struct nf_logger {

 /* Function to register/unregister log function. */
 int nf_log_register(int pf, struct nf_logger *logger);
-void nf_log_unregister_pf(int pf);
+int nf_log_unregister_pf(int pf);
 void nf_log_unregister_logger(struct nf_logger *logger);

 /* Calls the registered backend logging function */
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@ -24,6 +24,9 @@ int nf_log_register(int pf, struct nf_logger *logger)
 {
 	int ret = -EBUSY;

+	if (pf >= NPROTO)
+		return -EINVAL;
+
 	/* Any setup of logging members must be done before
 	 * substituting pointer. */
 	spin_lock(&nf_log_lock);
@ -38,14 +41,19 @@ int nf_log_register(int pf, struct nf_logger *logger)
 }		
 EXPORT_SYMBOL(nf_log_register);

-void nf_log_unregister_pf(int pf)
+int nf_log_unregister_pf(int pf)
 {
+	if (pf >= NPROTO)
+		return -EINVAL;
+
 	spin_lock(&nf_log_lock);
 	nf_logging[pf] = NULL;
 	spin_unlock(&nf_log_lock);

 	/* Give time to concurrent readers. */
 	synchronize_net();
+
+	return 0;
 }
 EXPORT_SYMBOL(nf_log_unregister_pf);