diff options
| author | Kangjie Lu <kjlu@umn.edu> | 2018-12-21 00:46:23 -0600 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-12-29 02:44:51 +0100 |
| commit | eb8950861c1bfd3eecc8f6faad213e3bca0dc395 (patch) | |
| tree | eba309e7d3e79a7d7f18f6dc44a685f148eec46e | |
| parent | a3c9311f62b4943228ae90f769775dd3bcbfa7c0 (diff) | |
netfilter: nf_tables: fix a missing check of nla_put_failure
If nla_nest_start() may fail. The fix checks its return value and goes
to nla_put_failure if it fails.
Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index fec814dace5a..2b0a93300dd7 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -5727,6 +5727,8 @@ static int nf_tables_fill_flowtable_info(struct sk_buff *skb, struct net *net, goto nla_put_failure; nest = nla_nest_start(skb, NFTA_FLOWTABLE_HOOK); + if (!nest) + goto nla_put_failure; if (nla_put_be32(skb, NFTA_FLOWTABLE_HOOK_NUM, htonl(flowtable->hooknum)) || nla_put_be32(skb, NFTA_FLOWTABLE_HOOK_PRIORITY, htonl(flowtable->priority))) goto nla_put_failure; |