netfilter: nf_log: validate nf_logger_find_get()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Sanitize nf_logger_find_get() input parameters, no caller in the tree
passes invalid values.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>

authored by

Pablo Neira Ayuso and committed by

Florian Westphal 2 years ago c47ec2b1 79578be4

1 changed file

expand all

net

netfilter

nf_log.c

net/netfilter/nf_log.c

··· 156 156 struct nf_logger *logger; 157 157 int ret = -ENOENT; 158 158 159 + if (pf >= ARRAY_SIZE(loggers)) 160 + return -EINVAL; 161 + if (type >= NF_LOG_TYPE_MAX) 162 + return -EINVAL; 163 + 159 164 if (pf == NFPROTO_INET) { 160 165 ret = nf_logger_find_get(NFPROTO_IPV4, type); 161 166 if (ret < 0)