Message ID | 20161012060811.GE12841@mwanda |
---|---|
State | Awaiting Upstream, archived |
Delegated to: | David Miller |
2016-10-12 14:08 GMT+08:00 Dan Carpenter <dan.carpenter@oracle.com>: > We don't want to allow negatives here. > > Fixes: 36b701fae12a ('netfilter: nf_tables: validate maximum value of u32 netlink attributes') > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c > index b70d3ea..dd55187 100644 > --- a/net/netfilter/nf_tables_api.c > +++ b/net/netfilter/nf_tables_api.c > @@ -4423,7 +4423,7 @@ static int nf_tables_check_loops(const struct nft_ctx *ctx, > */ I think it's better if you can convert it to follows: > unsigned int nft_parse_u32_check(const struct nlattr *attr, int max, u32 *dest) int nft_parse_u32_check(const struct nlattr *attr, u32 max, u32 *dest) > { > - int val; > + uint val; u32 val; > > val = ntohl(nla_get_be32(attr)); > if (val > max)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index b70d3ea..dd55187 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -4423,7 +4423,7 @@ static int nf_tables_check_loops(const struct nft_ctx *ctx, */ unsigned int nft_parse_u32_check(const struct nlattr *attr, int max, u32 *dest) { - int val; + uint val; val = ntohl(nla_get_be32(attr)); if (val > max)
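Review bot: `max` is still declared `int` in the signature of `nft_parse_u32_check()` while `val` becomes unsigned, so `if (val > max)` turns into a mixed-sign comparison in which `max` is converted to unsigned. A caller passing a negative `max` would then get a very large bound instead of a rejected value. Changing the parameter to `u32 max` makes the bound's type match what is being checked. For the local, `u32 val` would match the `u32 *dest` parameter and the 32-bit result of `ntohl(nla_get_be32(attr))`, and is consistent with the types already used in this signature, where `uint` is not.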
We don't want to allow negatives here. Fixes: 36b701fae12a ('netfilter: nf_tables: validate maximum value of u32 netlink attributes') Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>