aboutsummaryrefslogtreecommitdiff
path: root/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv4/netfilter/ip_conntrack_proto_tcp.c')
-rw-r--r--net/ipv4/netfilter/ip_conntrack_proto_tcp.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
index 5b3f5220f28..ee3b7d6c4d2 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
@@ -357,6 +357,10 @@ nfattr_failure:
return -1;
}
+static const size_t cta_min_tcp[CTA_PROTOINFO_TCP_MAX] = {
+ [CTA_PROTOINFO_TCP_STATE-1] = sizeof(u_int8_t),
+};
+
static int nfattr_to_tcp(struct nfattr *cda[], struct ip_conntrack *ct)
{
struct nfattr *attr = cda[CTA_PROTOINFO_TCP-1];
@@ -369,6 +373,9 @@ static int nfattr_to_tcp(struct nfattr *cda[], struct ip_conntrack *ct)
nfattr_parse_nested(tb, CTA_PROTOINFO_TCP_MAX, attr);
+ if (nfattr_bad_size(tb, CTA_PROTOINFO_TCP_MAX, cta_min_tcp))
+ return -EINVAL;
+
if (!tb[CTA_PROTOINFO_TCP_STATE-1])
return -EINVAL;
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-09 22:11:47 +0000