netfilter: nft_ct: reject direction for ct id

[ Upstream commit 38ed1c7062ada30d7c11e7a7acc749bf27aa14aa ] Direction attribute is ignored, reject it in case this ever needs to be supported Fixes: 3087c3f7c23b ("netfilter: nft_ct: Add ct id support") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2024-02-05 16:59:24 +0300
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2024-02-16 21:10:51 +0300
commit: 28c5407cd2e4550377a5092ab97f451588fd2ca4 (patch)
tree: 4c93260c0a985dd8f60b0efa84e9e486178f2e48 /net
parent: cd9bd10c59e3c1446680514fd3097c5b00d3712d (diff)
download: linux-28c5407cd2e4550377a5092ab97f451588fd2ca4.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
index aac98a3c966e..bfd3e5a14dab 100644
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -476,6 +476,9 @@ static int nft_ct_get_init(const struct nft_ctx *ctx,
 		break;
 #endif
 	case NFT_CT_ID:
+		if (tb[NFTA_CT_DIRECTION])
+			return -EINVAL;
+
 		len = sizeof(u32);
 		break;
 	default:
author	Pablo Neira Ayuso <pablo@netfilter.org>	2024-02-05 16:59:24 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-02-16 21:10:51 +0300
commit	28c5407cd2e4550377a5092ab97f451588fd2ca4 (patch)
tree	4c93260c0a985dd8f60b0efa84e9e486178f2e48 /net
parent	cd9bd10c59e3c1446680514fd3097c5b00d3712d (diff)
download	linux-28c5407cd2e4550377a5092ab97f451588fd2ca4.tar.xz