netfilter: nat: check the bounds of nf_nat_l3protos and nf_nat_l4protos
hulk inclusion category: bugfix bugzilla: NA CVE: NA ------------------------------------------------- famliy can be passed from user space and will be out of range of nf_nat_l3protos or nf_nat_l4protos, so we need check the family when call __nf_nat_l3proto_find() or __nf_nat_l4proto_find(). nfnetlink_parse_nat_setup() need return EAGAIN, if __nf_nat_l3proto_find() returns null, so we return a error number to distinguish this case. Signed-off-by: NYang Yingliang <yangyingliang@huawei.com> Reviewed-by: NWei Yongjun <weiyongjun1@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
Showing
想要评论请 注册 或 登录