authorPablo Neira Ayuso <pablo@netfilter.org>2014-02-07 14:45:01 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2014-02-07 17:21:45 +0100
commit62f9c8b40d2db915f89a6aa47395412fb29f1cfc (patch)
treefd7ee0b7feb60b557f3d93c6c204019fd6f43a4a /net
parentnetfilter: nft_rbtree: fix data handling of end interval elements (diff)
netfilter: nf_tables: fix loop checking with end interval elements
Fix access to uninitialized data for end interval elements. The element data part is uninitialized in interval end elements. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r--net/netfilter/nf_tables_api.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index d0c790e3e495..adce01e8bb57 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2998,6 +2998,9 @@ static int nf_tables_loop_check_setelem(const struct nft_ctx *ctx,
const struct nft_set_iter *iter,
const struct nft_set_elem *elem)
{
+ if (elem->flags & NFT_SET_ELEM_INTERVAL_END)
+ return 0;
+
switch (elem->data.verdict) {
case NFT_JUMP:
case NFT_GOTO:
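Review bot: The early return added at the top of nf_tables_loop_check_setelem has no comment, and the reason for skipping these elements is only stated in the commit message. I would put `/* Interval end elements carry no data part; elem->data is uninitialized for them. */` directly above the `if`, so a later refactor does not move the `switch (elem->data.verdict)` back in front of it. The guard also assumes that every set backend's walk callback fills in `elem->flags` before calling this function. That is not visible in this hunk, so it is worth confirming for backends without interval support, since otherwise the new test would itself read uninitialized memory. The function body continues past the end of the hunk.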