
netfilter: nft_exthdr: break evaluation if setting TCP option fails

Break rule evaluation on malformed TCP options.

Fixes: 99d1712bc41c ("netfilter: exthdr: tcp option set support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

+7 -4
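--- a/net/netfilter/nft_exthdr.c
+++ b/net/netfilter/nft_exthdr.c
@@ -236,7 +236,7 @@
 
 tcph = nft_tcp_header_pointer(pkt, sizeof(buff), buff, &tcphdr_len);
 if (!tcph)
-return;
+goto err;
 
 opt = (u8 *)tcph;
 for (i = sizeof(*tcph); i < tcphdr_len - 1; i += optl) {
@@ -251,16 +251,16 @@
 continue;
 
 if (i + optl > tcphdr_len || priv->len + priv->offset > optl)
-return;
+goto err;
 
 if (skb_ensure_writable(pkt->skb,
 nft_thoff(pkt) + i + priv->len))
-return;
+goto err;
 
 tcph = nft_tcp_header_pointer(pkt, sizeof(buff), buff,
 &tcphdr_len);
 if (!tcph)
-return;
+goto err;
 
 offset = i + priv->offset;
 
@@ -303,6 +303,9 @@
 
 return;
 }
+return;
+err:
+regs->verdict.code = NFT_BREAK;
 }
 
 static void nft_exthdr_sctp_eval(const struct nft_expr *expr,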
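Review bot: The first `goto err` (old line 239) is reached on any NULL from nft_tcp_header_pointer(), not only on malformed options, so if that helper also rejects non-TCP or fragmented packets — its body is outside this hunk, so I cannot confirm — every such packet now takes the NFT_BREAK verdict where it previously fell through silently; the commit message only mentions malformed TCP options, so either that wider scope is intended and worth stating, or the pre-loop check should stay a plain `return;`. The `err:` label itself would benefit from a one-line comment naming the contract, e.g. `/* header unreadable or option bounds invalid: stop evaluating this rule */` above `regs->verdict.code = NFT_BREAK;`, since the three in-loop `goto err` sites (old lines 254, 258, 263) carry no explanation of why a break rather than a no-op is the right outcome. The enclosing function begins before this hunk.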