netfilter: nfnetlink_queue: do not allow to set unsupported flag bits

Allow setting of only supported flag bits in queue->flags.

Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h
index e0d8fd8d4d24c514b86e420c32972fb048f53e95..3b1c1360aedfffb906c0b90c52dfc86a5a26db25 100644 (file)
--- a/include/linux/netfilter/nfnetlink_queue.h
+++ b/include/linux/netfilter/nfnetlink_queue.h
@@ -95,5 +95,6 @@ enum nfqnl_attr_config {
 /* Flags for NFQA_CFG_FLAGS */
 #define NFQA_CFG_F_FAIL_OPEN                   (1 << 0)
 #define NFQA_CFG_F_CONNTRACK                   (1 << 1)
+#define NFQA_CFG_F_MAX                         (1 << 2)
 
 #endif /* _NFNETLINK_QUEUE_H */

diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c
index a0b64920039decfeffdfbbe68cbb02c0f855cce3..c0496a55ad0ceffb5470872cadc83c218a4b70c9 100644 (file)
--- a/net/netfilter/nfnetlink_queue_core.c
+++ b/net/netfilter/nfnetlink_queue_core.c
@@ -910,6 +910,11 @@ nfqnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
                flags = ntohl(nla_get_be32(nfqa[NFQA_CFG_FLAGS]));
                mask = ntohl(nla_get_be32(nfqa[NFQA_CFG_MASK]));
 
+               if (flags >= NFQA_CFG_F_MAX) {
+                       ret = -EOPNOTSUPP;
+                       goto err_out_unlock;
+               }
+
                spin_lock_bh(&queue->lock);
                queue->flags &= ~mask;
                queue->flags |= flags & mask;