diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2005-11-14 15:22:11 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2005-11-14 15:22:11 -0800 |
commit | 56558208521729fa6b2a0f12df22e1569dee297a (patch) | |
tree | 0edad3244ac80e9cf00707ac4940e8c3a758cf75 /net/ipv4/netfilter/ip_conntrack_proto_tcp.c | |
parent | c0400c4f5a08cfd1c657f7f616fcf1dfbd76a4d7 (diff) |
[NETFILTER] ctnetlink: More thorough size checking of attributes
Add missing size checks. Thanks Patrick McHardy for the hint.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/netfilter/ip_conntrack_proto_tcp.c')
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_proto_tcp.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c index 5b3f5220f28..ee3b7d6c4d2 100644 --- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c +++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c @@ -357,6 +357,10 @@ nfattr_failure: return -1; } +static const size_t cta_min_tcp[CTA_PROTOINFO_TCP_MAX] = { + [CTA_PROTOINFO_TCP_STATE-1] = sizeof(u_int8_t), +}; + static int nfattr_to_tcp(struct nfattr *cda[], struct ip_conntrack *ct) { struct nfattr *attr = cda[CTA_PROTOINFO_TCP-1]; @@ -369,6 +373,9 @@ static int nfattr_to_tcp(struct nfattr *cda[], struct ip_conntrack *ct) nfattr_parse_nested(tb, CTA_PROTOINFO_TCP_MAX, attr); + if (nfattr_bad_size(tb, CTA_PROTOINFO_TCP_MAX, cta_min_tcp)) + return -EINVAL; + if (!tb[CTA_PROTOINFO_TCP_STATE-1]) return -EINVAL; |