diff options
| author | Otavio Salvador <otavio@ossystems.com.br> | 2019-07-15 11:15:02 -0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-07-15 11:15:02 -0300 |
| commit | 6b774eec1f9d3064e9b33634dfa99d5666d0a73a (patch) | |
| tree | 64fa879c312d6a52f90e6dbf3f7be2d66de3ddd4 /net/netfilter/nf_tables_api.c | |
| parent | 774f42075a4800fe4106dffca804e3207bc3c2e7 (diff) | |
| parent | 286d8c46ed06d5fc1b8c212356a11a19b2c94bc4 (diff) | |
Merge pull request #50 from MaxKrummenacher/4.14-2.0.x-imx
4.14 2.0.x imx
Diffstat (limited to 'net/netfilter/nf_tables_api.c')
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index c445d57e3a5b..b149a7219084 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -220,6 +220,18 @@ static int nft_delchain(struct nft_ctx *ctx) return err; } +/* either expr ops provide both activate/deactivate, or neither */ +static bool nft_expr_check_ops(const struct nft_expr_ops *ops) +{ + if (!ops) + return true; + + if (WARN_ON_ONCE((!ops->activate ^ !ops->deactivate))) + return false; + + return true; +} + static void nft_rule_expr_activate(const struct nft_ctx *ctx, struct nft_rule *rule) { @@ -1724,6 +1736,9 @@ static int nf_tables_delchain(struct net *net, struct sock *nlsk, */ int nft_register_expr(struct nft_expr_type *type) { + if (!nft_expr_check_ops(type->ops)) + return -EINVAL; + nfnl_lock(NFNL_SUBSYS_NFTABLES); if (type->family == NFPROTO_UNSPEC) list_add_tail_rcu(&type->list, &nf_tables_expressions); @@ -1873,6 +1888,10 @@ static int nf_tables_expr_parse(const struct nft_ctx *ctx, err = PTR_ERR(ops); goto err1; } + if (!nft_expr_check_ops(ops)) { + err = -EINVAL; + goto err1; + } } else ops = type->ops; |