netfilter: nf_tables: validate .maxattr at expression registration

struct nft_expr_info allows to store up to NFT_EXPR_MAXATTR (16) attributes when parsing netlink attributes. Rise a warning in case there is ever a nft expression whose .maxattr goes beyond this number of expressions, in such case, struct nft_expr_info needs to be updated. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2024-01-06 23:52:02 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2024-01-17 12:02:46 +0100
commit: 65b3bd600e15e00fb9e433bbc8aa55e42b202055 (patch)
tree: a6b3f3c4e36c111049127d4fc8b0da356835371b
parent: 0617c3de9b4026b87be12b0cb5c35f42c7c66fcb (diff)
download: linux-dlm-65b3bd600e15e00fb9e433bbc8aa55e42b202055.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index a90a364f5be5a8..2548d7d56408cb 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2977,6 +2977,9 @@ static int nf_tables_delchain(struct sk_buff *skb, const struct nfnl_info *info,
  */
 int nft_register_expr(struct nft_expr_type *type)
 {
+	if (WARN_ON_ONCE(type->maxattr > NFT_EXPR_MAXATTR))
+		return -ENOMEM;
+
 	nfnl_lock(NFNL_SUBSYS_NFTABLES);
 	if (type->family == NFPROTO_UNSPEC)
 		list_add_tail_rcu(&type->list, &nf_tables_expressions);
author	Pablo Neira Ayuso <pablo@netfilter.org>	2024-01-06 23:52:02 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2024-01-17 12:02:46 +0100
commit	65b3bd600e15e00fb9e433bbc8aa55e42b202055 (patch)
tree	a6b3f3c4e36c111049127d4fc8b0da356835371b
parent	0617c3de9b4026b87be12b0cb5c35f42c7c66fcb (diff)
download	linux-dlm-65b3bd600e15e00fb9e433bbc8aa55e42b202055.tar.gz