[10/23] netfilter: nft_meta: fix lack of validation of the input register

Message ID 1389314142-17969-11-git-send-email-pablo@netfilter.org
State Accepted, archived
Delegated to: David Miller

Commit Message

Pablo Neira Ayuso Jan. 10, 2014, 12:35 a.m. UTC
We have to validate that the input register is in the range of
allowed registers, otherwise we can take an incorrect register
value as input that may lead us to a crash.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nft_meta.c |    3 +++
 1 file changed, 3 insertions(+)

Patch

diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c
index b43975a..e8254ad 100644
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
@@ -239,6 +239,9 @@  static int nft_meta_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
 		return err;
 
 	priv->sreg = ntohl(nla_get_be32(tb[NFTA_META_SREG]));
+	err = nft_validate_input_register(priv->sreg);
+	if (err < 0)
+		return err;
 
 	return 0;
 }
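
Review bot: In nft_meta_init(), the added range check covers the value of priv->sreg but not the presence of the attribute: nla_get_be32(tb[NFTA_META_SREG]) reads the attribute on the line above, and the hunk does not show a NULL check on tb[NFTA_META_SREG]. Please confirm that an earlier branch or the caller guarantees the attribute is set on this path. As a minor style point, the tail could be written as `return nft_validate_input_register(priv->sreg);` rather than the three added lines followed by `return 0;`, although the explicit form does match the `return err;` pattern in the context above. The commit message would also be easier to audit if it named the code path that consumes sreg, so the crash it mentions can be traced.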