Skip to content

K
Kernel

openeuler / Kernel
大约 2 年 前同步成功

通知 8
Star 0
Fork 0
K
Kernel
提交 2739f447 编写于 作者: P Pablo Neira Ayuso 提交者: Zheng Zengkai
浏览文件
操作

netfilter: nft_payload: do not truncate csum_offset and csum_type 

stable inclusion
from stable-v5.10.140
commit ea358cfc8e25255b15305f14297e09e1defea4ca
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I63FTT

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=ea358cfc8e25255b15305f14297e09e1defea4ca

--------------------------------

[ Upstream commit 7044ab28 ]

Instead report ERANGE if csum_offset is too long, and EOPNOTSUPP if type
is not support.

Fixes: 7ec3f7b4 ("netfilter: nft_payload: add packet mangling support")
Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: NSasha Levin <sashal@kernel.org>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
Reviewed-by: NWei Li <liwei391@huawei.com>
上级 c17b83a7
隐藏空白更改
内联 并排
Showing with 13 addition and 6 deletion
net/netfilter/nft_payload.c
浏览文件 @ 2739f447
...@@ -660,17 +660,23 @@ static int nft_payload_set_init(const struct nft_ctx *ctx, ...@@ -660,17 +660,23 @@ static int nft_payload_set_init(const struct nft_ctx *ctx,
const struct nlattr * const tb[]) const struct nlattr * const tb[])
{ {
struct nft_payload_set *priv = nft_expr_priv(expr); struct nft_payload_set *priv = nft_expr_priv(expr);
u32 csum_offset, csum_type = NFT_PAYLOAD_CSUM_NONE;
int err;
priv->base = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_BASE])); priv->base = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_BASE]));
priv->offset = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_OFFSET])); priv->offset = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_OFFSET]));
priv->len = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_LEN])); priv->len = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_LEN]));
if (tb[NFTA_PAYLOAD_CSUM_TYPE]) if (tb[NFTA_PAYLOAD_CSUM_TYPE])
priv->csum_type = csum_type = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_CSUM_TYPE]));
ntohl(nla_get_be32(tb[NFTA_PAYLOAD_CSUM_TYPE])); if (tb[NFTA_PAYLOAD_CSUM_OFFSET]) {
if (tb[NFTA_PAYLOAD_CSUM_OFFSET]) err = nft_parse_u32_check(tb[NFTA_PAYLOAD_CSUM_OFFSET], U8_MAX,
priv->csum_offset = &csum_offset);
ntohl(nla_get_be32(tb[NFTA_PAYLOAD_CSUM_OFFSET])); if (err < 0)
return err;
priv->csum_offset = csum_offset;
}
if (tb[NFTA_PAYLOAD_CSUM_FLAGS]) { if (tb[NFTA_PAYLOAD_CSUM_FLAGS]) {
u32 flags; u32 flags;
...@@ -681,7 +687,7 @@ static int nft_payload_set_init(const struct nft_ctx *ctx, ...@@ -681,7 +687,7 @@ static int nft_payload_set_init(const struct nft_ctx *ctx,
priv->csum_flags = flags; priv->csum_flags = flags;
} }
switch (priv->csum_type) { switch (csum_type) {
case NFT_PAYLOAD_CSUM_NONE: case NFT_PAYLOAD_CSUM_NONE:
case NFT_PAYLOAD_CSUM_INET: case NFT_PAYLOAD_CSUM_INET:
break; break;
...@@ -695,6 +701,7 @@ static int nft_payload_set_init(const struct nft_ctx *ctx, ...@@ -695,6 +701,7 @@ static int nft_payload_set_init(const struct nft_ctx *ctx,
default: default:
return -EOPNOTSUPP; return -EOPNOTSUPP;
} }
priv->csum_type = csum_type;
return nft_parse_register_load(tb[NFTA_PAYLOAD_SREG], &priv->sreg, return nft_parse_register_load(tb[NFTA_PAYLOAD_SREG], &priv->sreg,
priv->len); priv->len);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册