diff options
| author | Tim Gardner <tim.gardner@canonical.com> | 2010-03-17 16:18:56 +0100 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-03-17 16:18:56 +0100 |
| commit | 606a9a02633c02d0e09fc96706f041053dbc57ee (patch) | |
| tree | 815148645d417a184479d9b83813c53441809e59 | |
| parent | 0079c5aee34880bcee7feee9960f0502c73dc5fa (diff) | |
| download | linux-3.10-606a9a02633c02d0e09fc96706f041053dbc57ee.tar.gz linux-3.10-606a9a02633c02d0e09fc96706f041053dbc57ee.tar.bz2 linux-3.10-606a9a02633c02d0e09fc96706f041053dbc57ee.zip | |
netfilter: xt_recent: check for unsupported user space flags
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
| -rw-r--r-- | include/linux/netfilter/xt_recent.h | 3 | ||||
| -rw-r--r-- | net/netfilter/xt_recent.c | 5 |
2 files changed, 8 insertions, 0 deletions
diff --git a/include/linux/netfilter/xt_recent.h b/include/linux/netfilter/xt_recent.h index bba990ecb01..83318e01425 100644 --- a/include/linux/netfilter/xt_recent.h +++ b/include/linux/netfilter/xt_recent.h @@ -20,6 +20,9 @@ enum { /* Only allowed with --rcheck and --update */ #define XT_RECENT_MODIFIERS (XT_RECENT_TTL|XT_RECENT_REAP) +#define XT_RECENT_VALID_FLAGS (XT_RECENT_CHECK|XT_RECENT_SET|XT_RECENT_UPDATE|\ + XT_RECENT_REMOVE|XT_RECENT_TTL|XT_RECENT_REAP) + struct xt_recent_mtinfo { __u32 seconds; __u32 hit_count; diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c index b65eca9e13a..d2e7c80cd3c 100644 --- a/net/netfilter/xt_recent.c +++ b/net/netfilter/xt_recent.c @@ -319,6 +319,11 @@ static bool recent_mt_check(const struct xt_mtchk_param *par) get_random_bytes(&hash_rnd, sizeof(hash_rnd)); hash_rnd_inited = true; } + if (info->check_set & ~XT_RECENT_VALID_FLAGS) { + pr_info(KBUILD_MODNAME ": Unsupported user space flags " + "(%08x)\n", info->check_set); + return false; + } if (hweight8(info->check_set & (XT_RECENT_SET | XT_RECENT_REMOVE | XT_RECENT_CHECK | XT_RECENT_UPDATE)) != 1) |