
netfilter: flowtable: check for maximum number of encapsulations in bridge vlan

Add a sanity check to skip path discovery if the maximum number of
encapsulations is reached. While at it, check for underflow too.

Fixes: 26267bf9bb57 ("netfilter: flowtable: bridge vlan hardware offload and switchdev")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

+8 -1
+8 -1
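--- a/net/netfilter/nft_flow_offload.c
+++ b/net/netfilter/nft_flow_offload.c
@@ -141,12 +141,19 @@
 info->ingress_vlans |= BIT(info->num_encaps - 1);
 break;
 case DEV_PATH_BR_VLAN_TAG:
+if (info->num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) {
+info->indev = NULL;
+break;
+}
 info->encap[info->num_encaps].id = path->bridge.vlan_id;
 info->encap[info->num_encaps].proto = path->bridge.vlan_proto;
 info->num_encaps++;
 break;
 case DEV_PATH_BR_VLAN_UNTAG:
-info->num_encaps--;
+if (WARN_ON_ONCE(info->num_encaps-- == 0)) {
+info->indev = NULL;
+break;
+}
 break;
 case DEV_PATH_BR_VLAN_KEEP:
 break;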
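Review bot: In the DEV_PATH_BR_VLAN_UNTAG arm the post-decrement inside `WARN_ON_ONCE(info->num_encaps-- == 0)` still runs when the count is already zero, so num_encaps wraps to its type's maximum before the early break and that value stays in the struct after indev has been cleared. Splitting the test from the update avoids both the wrapped count and a side effect inside a macro argument: `if (WARN_ON_ONCE(info->num_encaps == 0)) { info->indev = NULL; break; }` followed by `info->num_encaps--;`. Whether the wrapped count is ever read once indev is NULL depends on the caller, which is outside the hunk, as are the start and end of the enclosing switch and function. The `BIT(info->num_encaps - 1)` in the preceding arm at the top of the hunk would likewise underflow with a zero count; whether that arm is reachable with num_encaps == 0 is not visible here.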