
netfilter: nf_tables: validate family when identifying table via handle

Validate the table family when looking a table up via NFTA_TABLE_HANDLE.

Fixes: 3ecbfd65f50e ("netfilter: nf_tables: allocate handle and delete objects via handle")
Reported-by: Xingyuan Mo <hdthky0@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

+3 -2
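--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -803,7 +803,7 @@
 
 static struct nft_table *nft_table_lookup_byhandle(const struct net *net,
 const struct nlattr *nla,
-u8 genmask, u32 nlpid)
+int family, u8 genmask, u32 nlpid)
 {
 struct nftables_pernet *nft_net;
 struct nft_table *table;
@@ -811,6 +811,7 @@
 nft_net = nft_pernet(net);
 list_for_each_entry(table, &nft_net->tables, list) {
 if (be64_to_cpu(nla_get_be64(nla)) == table->handle &&
+table->family == family &&
 nft_active_genmask(table, genmask)) {
 if (nft_table_has_owner(table) &&
 nlpid && table->nlpid != nlpid)
@@ -1545,7 +1544,7 @@
 
 if (nla[NFTA_TABLE_HANDLE]) {
 attr = nla[NFTA_TABLE_HANDLE];
-table = nft_table_lookup_byhandle(net, attr, genmask,
+table = nft_table_lookup_byhandle(net, attr, family, genmask,
 NETLINK_CB(skb).portid);
 } else {
 attr = nla[NFTA_TABLE_NAME];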
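Review bot: The new `family` parameter of nft_table_lookup_byhandle is declared `int`, while the value it is compared against, `table->family`, is a narrow unsigned field, and the by-name counterpart nft_table_lookup in this file appears to take `u8 family` (not visible in the hunk; please confirm); declaring it `u8 family` would keep the two lookup helpers' signatures parallel and avoid a signed/unsigned comparison. The added check itself closes a real gap: before it, a handle-based lookup matched a table of any family, so a delete request for one family could act on a table belonging to another. A short why-comment above the condition would help future readers, e.g. `/* never let a handle resolve to a table of a different family than the request */`. Both nft_table_lookup_byhandle and the caller in the third hunk continue outside the hunks shown.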