diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-01-29 22:24:25 +0300 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2024-02-21 13:57:11 +0300 |
commit | c47ec2b120b4a9d573e65baa33ff3f542f7ba273 (patch) | |
tree | 5ca73a97f40b3e448f04fd5c8dd50699daf85521 /net | |
parent | 79578be4d35c842a802487e2f31c2aed80cc005f (diff) | |
download | linux-c47ec2b120b4a9d573e65baa33ff3f542f7ba273.tar.xz |
netfilter: nf_log: validate nf_logger_find_get()
Sanitize nf_logger_find_get() input parameters, no caller in the tree
passes invalid values.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nf_log.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c index e0bfeb75766f..370f8231385c 100644 --- a/net/netfilter/nf_log.c +++ b/net/netfilter/nf_log.c @@ -156,6 +156,11 @@ int nf_logger_find_get(int pf, enum nf_log_type type) struct nf_logger *logger; int ret = -ENOENT; + if (pf >= ARRAY_SIZE(loggers)) + return -EINVAL; + if (type >= NF_LOG_TYPE_MAX) + return -EINVAL; + if (pf == NFPROTO_INET) { ret = nf_logger_find_get(NFPROTO_IPV4, type); if (ret < 0) |