author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-02-26 15:16:05 +0300 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-02-27 10:06:57 +0300 |
commit | e603ea4ba778846b5b2203546f0c6056ec198b16 (patch) | |
tree | 3533648c71ea055cc96cc918513a19a2e4d11149 /net | |
parent | 32fc71875127498bf99cc648e96400ee0895edf7 (diff) | |
download | linux-e603ea4ba778846b5b2203546f0c6056ec198b16.tar.xz |
netfilter: nf_tables: missing attribute validation in nf_tables_delflowtable()
Return -EINVAL if mandatory attributes are missing.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nf_tables_api.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 43acdeef045d..2b5aa78979db 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -5161,6 +5161,11 @@ static int nf_tables_delflowtable(struct net *net, struct sock *nlsk, struct nft_table *table; struct nft_ctx ctx; + if (!nla[NFTA_FLOWTABLE_TABLE] || + (!nla[NFTA_FLOWTABLE_NAME] && + !nla[NFTA_FLOWTABLE_HANDLE])) + return -EINVAL; + table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], family, genmask); if (IS_ERR(table)) |
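Review bot: The changelog does not say what goes wrong without the new check at the top of nf_tables_delflowtable(), and it carries no Fixes: tag. From the context lines, nla[NFTA_FLOWTABLE_TABLE] is handed straight to nf_tables_table_lookup(), so before this change a delete request that omitted the attribute would have reached that lookup with a NULL attribute pointer. Please state that consequence in the commit message and name the commit that introduced the delete path, so that stable maintainers can judge whether to backport. The condition itself reads correctly: the table attribute is required, and at least one of NFTA_FLOWTABLE_NAME or NFTA_FLOWTABLE_HANDLE must be present. A short comment above it saying that either the name or the handle identifies the flowtable would spare the next reader from working out the nested negation.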