summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorLiping Zhang <liping.zhang@spreadtrum.com>2016-07-18 14:44:16 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2016-07-21 02:32:33 +0200
commit1bc4e0136cb32282d7968e11cfabc40763fdb03c (patch)
tree1d46c4bf8ee592f1ba69761f0c93349959adabae /net
parentnetfilter: nft_log: fix possible memory leak if log expr init fail (diff)
downloadlinux-1bc4e0136cb32282d7968e11cfabc40763fdb03c.tar.xz
linux-1bc4e0136cb32282d7968e11cfabc40763fdb03c.zip
netfilter: nft_log: check the validity of log level
User can specify the log level larger than 7(debug level) via nfnetlink, this is invalid. So in this case, we should report EINVAL to the userspace. Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r--net/netfilter/nft_log.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/net/netfilter/nft_log.c b/net/netfilter/nft_log.c
index e1b34ff0ebd0..5f6f088ff06e 100644
--- a/net/netfilter/nft_log.c
+++ b/net/netfilter/nft_log.c
@@ -79,6 +79,11 @@ static int nft_log_init(const struct nft_ctx *ctx,
} else {
li->u.log.level = LOGLEVEL_WARNING;
}
+ if (li->u.log.level > LOGLEVEL_DEBUG) {
+ err = -EINVAL;
+ goto err1;
+ }
+
if (tb[NFTA_LOG_FLAGS] != NULL) {
li->u.log.logflags =
ntohl(nla_get_be32(tb[NFTA_LOG_FLAGS]));