0d2c96af797ba149e559c5875c0151384ab6dd14 - SHIFTPHONES/kernel/common

commit	0d2c96af797ba149e559c5875c0151384ab6dd14	[log] [tgz]
author	Pablo Neira Ayuso <pablo@netfilter.org>	Fri Dec 06 22:09:14 2019 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	Mon Dec 09 13:14:03 2019 +0100
tree	f7bdfa04d63e35348b2b8160841518207119975b
parent	bffc124b6fe37d0ae9b428d104efb426403bb5c9 [diff]

netfilter: nf_tables: validate NFT_DATA_VALUE after nft_data_init()

Userspace might bogusly sent NFT_DATA_VERDICT in several netlink
attributes that assume NFT_DATA_VALUE. Moreover, make sure that error
path invokes nft_data_release() to decrement the reference count on the
chain object.

Fixes: 96518518cc41 ("netfilter: add nftables")
Fixes: 0f3cd9b36977 ("netfilter: nf_tables: add range expression")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

net/netfilter/nf_tables_api.c[diff]
net/netfilter/nft_bitwise.c[diff]
net/netfilter/nft_cmp.c[diff]
net/netfilter/nft_range.c[diff]

4 files changed

tree: f7bdfa04d63e35348b2b8160841518207119975b