Commit 606a9a02 authored by Tim Gardner's avatar Tim Gardner Committed by Patrick McHardy

netfilter: xt_recent: check for unsupported user space flags

Signed-off-by: default avatarTim Gardner <tim.gardner@canonical.com>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent 0079c5ae
...@@ -20,6 +20,9 @@ enum { ...@@ -20,6 +20,9 @@ enum {
/* Only allowed with --rcheck and --update */ /* Only allowed with --rcheck and --update */
#define XT_RECENT_MODIFIERS (XT_RECENT_TTL|XT_RECENT_REAP) #define XT_RECENT_MODIFIERS (XT_RECENT_TTL|XT_RECENT_REAP)
#define XT_RECENT_VALID_FLAGS (XT_RECENT_CHECK|XT_RECENT_SET|XT_RECENT_UPDATE|\
XT_RECENT_REMOVE|XT_RECENT_TTL|XT_RECENT_REAP)
struct xt_recent_mtinfo { struct xt_recent_mtinfo {
__u32 seconds; __u32 seconds;
__u32 hit_count; __u32 hit_count;
......
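Review bot: `XT_RECENT_VALID_FLAGS` repeats the four mode bits and the two modifier bits by hand with no comment, so the mask and the flag enum above it can drift apart when a flag is added. Since the mask is what the kernel uses to reject unknown bits, a stale mask would either refuse a new flag or keep accepting a retired one. Reusing the existing modifier mask would shorten the list: `#define XT_RECENT_VALID_FLAGS (XT_RECENT_CHECK|XT_RECENT_SET|XT_RECENT_UPDATE|XT_RECENT_REMOVE|XT_RECENT_MODIFIERS)`. I would also add `/* Every flag bit the kernel accepts in check_set; extend when adding a flag to the enum above */` on the line before it.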
...@@ -319,6 +319,11 @@ static bool recent_mt_check(const struct xt_mtchk_param *par) ...@@ -319,6 +319,11 @@ static bool recent_mt_check(const struct xt_mtchk_param *par)
get_random_bytes(&hash_rnd, sizeof(hash_rnd)); get_random_bytes(&hash_rnd, sizeof(hash_rnd));
hash_rnd_inited = true; hash_rnd_inited = true;
} }
if (info->check_set & ~XT_RECENT_VALID_FLAGS) {
pr_info(KBUILD_MODNAME ": Unsupported user space flags "
"(%08x)\n", info->check_set);
return false;
}
if (hweight8(info->check_set & if (hweight8(info->check_set &
(XT_RECENT_SET | XT_RECENT_REMOVE | (XT_RECENT_SET | XT_RECENT_REMOVE |
XT_RECENT_CHECK | XT_RECENT_UPDATE)) != 1) XT_RECENT_CHECK | XT_RECENT_UPDATE)) != 1)
......
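Review bot: The message in the new `pr_info()` call is split across two string literals, so searching the tree for the text printed in the log finds nothing. Keeping it on one line is the usual kernel convention: `pr_info(KBUILD_MODNAME ": Unsupported user space flags (%08x)\n", info->check_set);`. The `hweight8()` call just below suggests `check_set` is 8 bits wide (its declaration is not visible here), in which case `%02x` would match the field better than `%08x`. A short comment above the check would record why it exists, for example `/* Reject flag bits this kernel does not implement instead of silently ignoring them */`. The body of `recent_mt_check` begins and ends outside this hunk, so the validation of the other user-supplied fields cannot be assessed from here.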