From patchwork Sat Aug 24 03:07:31 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: remaper <yp.fangdong@gmail.com>
X-Patchwork-Id: 269479
Return-Path: <netfilter-devel-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 54EC52C0084
	for <incoming@patchwork.ozlabs.org>;
	Sat, 24 Aug 2013 01:10:01 +1000 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753280Ab3HWPJ7 (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Fri, 23 Aug 2013 11:09:59 -0400
Received: from mail-pa0-f48.google.com ([209.85.220.48]:48238 "EHLO
	mail-pa0-f48.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753108Ab3HWPJ6 (ORCPT
	<rfc822;netfilter-devel@vger.kernel.org>);
	Fri, 23 Aug 2013 11:09:58 -0400
Received: by mail-pa0-f48.google.com with SMTP id kp13so782470pab.7
	for <multiple recipients>; Fri, 23 Aug 2013 08:09:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id;
	bh=UoEMEY+jpD7Qvi55coWwYzUW1T95EInBrputZLbehQs=;
	b=QrV0FsJndiTlOtqcGjZxjPbtd7p62e0+Ccru5DWcHq2oqKYNmvhMLfYf3o1AuQC6Bh
	oCbR5Jz7hPs16y4P5HgO/k2rFHqF0JM7ha+7FFSiGfk21oay6a+dCMozbOLYXflBn/X4
	z/cH4z2Cbrq1qfjAxaD2lz/m3cFNwLmxRPWJ7dmZyHjL+etSzwhpWfALlFGvkdK7IxfQ
	CYi/woaQAnGASUw2txiNvX8mHs+bo45OkdNwD9YFdliYyz7JheWQ2ZouhjOYvT1uqJRP
	pTiLKINYN5eQmkaFkTmkWICSHIT3pd+Nd17fnfaEuEWo/PQS1l6z8QProzI7+nXeucZ6
	utzw==
X-Received: by 10.68.217.225 with SMTP id pb1mr238842pbc.61.1377270597826;
	Fri, 23 Aug 2013 08:09:57 -0700 (PDT)
Received: from localhost.localdomain ([218.18.133.75])
	by mx.google.com with ESMTPSA id
	zi1sm301887pbb.28.1969.12.31.16.00.00
	(version=TLSv1 cipher=RC4-SHA bits=128/128);
	Fri, 23 Aug 2013 08:09:56 -0700 (PDT)
From: Dong Fang <yp.fangdong@gmail.com>
To: pablo@netfilter.org, kaber@trash.net, kadlec@blackhole.kfki.hu,
	davem@davemloft.net, yp.fangdong@gmail.com
Cc: netfilter-devel@vger.kernel.org, netfilter@vger.kernel.org,
	coreteam@netfilter.org, netdev@vger.kernel.org
Subject: [PATCH] netfilter: avoid array overflow in nf_register_hook
Date: Fri, 23 Aug 2013 23:07:31 -0400
Message-Id: <1377313651-16096-1-git-send-email-yp.fangdong@gmail.com>
X-Mailer: git-send-email 1.7.1
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <netfilter-devel.vger.kernel.org>
X-Mailing-List: netfilter-devel@vger.kernel.org

This patch fix the array overflow in nf_register_hook function

Signed-off-by: Dong Fang <yp.fangdong@gmail.com>
---
 net/netfilter/core.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 2217363..819eee1 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -68,8 +68,11 @@ static DEFINE_MUTEX(nf_hook_mutex);
 int nf_register_hook(struct nf_hook_ops *reg)
 {
 	struct nf_hook_ops *elem;
-	int err;
+	int err = -EINVAL;
 
+	if (reg->pf >= NFPROTO_NUMPROTO || reg->hooknum >= NF_MAX_HOOKS)
+		return err;
+
 	err = mutex_lock_interruptible(&nf_hook_mutex);
 	if (err < 0)
 		return err;