netfilter: x_physdev: reject empty or not-nul terminated device names

Reject names that lack a \0 character and reject the empty string as
well. iptables allows this but it fails to re-parse iptables-save output
that contains such rules.

Signed-off-by: Florian Westphal <fw@strlen.de>
Florian Westphal
2026-03-28 23:00:31 +01:00
parent 8d7de5477e
commit 8df772afc9


@@ -107,6 +107,28 @@ static int physdev_mt_check(const struct xt_mtchk_param *par)
return -EINVAL;
}
#define X(memb) strnlen(info->memb, sizeof(info->memb)) >= sizeof(info->memb)
if (info->bitmask & XT_PHYSDEV_OP_IN) {
if (info->physindev[0] == '\0')
return -EINVAL;
if (X(physindev))
return -ENAMETOOLONG;
}
if (info->bitmask & XT_PHYSDEV_OP_OUT) {
if (info->physoutdev[0] == '\0')
return -EINVAL;
if (X(physoutdev))
return -ENAMETOOLONG;
}
if (X(in_mask))
return -ENAMETOOLONG;
if (X(out_mask))
return -ENAMETOOLONG;
#undef X
if (!brnf_probed) {
brnf_probed = true;
request_module("br_netfilter");
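Review bot: The `X(in_mask)` and `X(out_mask)` checks treat the masks as strings, but a physdev mask is a byte mask rather than a name: if userspace fills it the way iptables' xtables_parse_interface does (0xff over the name length plus its terminator), a maximal 15-character non-wildcard name leaves all 16 mask bytes non-zero and the new check returns -ENAMETOOLONG for a rule that was accepted before — worth confirming against the userspace side before this lands. The masks are also checked even when the corresponding XT_PHYSDEV_OP_IN/XT_PHYSDEV_OP_OUT bit is clear, so stale bytes in an unused field now reject the whole rule; moving those two checks inside the flag blocks, or dropping them, keeps the change to what the description says it does (device names). The macro expansion should be parenthesized so it composes safely in a compound condition: `#define X(memb) (strnlen(info->memb, sizeof(info->memb)) >= sizeof(info->memb))`. physdev_mt_check starts before and continues past the hunk.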