netfilter: nf_tables: missing attribute validation in nf_tables_delflowtable()

author Pablo Neira Ayuso <pablo@netfilter.org>

Mon, 26 Feb 2018 12:16:05 +0000 (13:16 +0100)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Tue, 27 Feb 2018 07:06:57 +0000 (08:06 +0100)
author Pablo Neira Ayuso <pablo@netfilter.org>
Mon, 26 Feb 2018 12:16:05 +0000 (13:16 +0100)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Tue, 27 Feb 2018 07:06:57 +0000 (08:06 +0100)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c

index 43acdeef045df65241b9a070c073d09742f084d9..2b5aa78979db83a7c33de2ca39432fb2cdd40038 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -5161,6 +5161,11 @@ static int nf_tables_delflowtable(struct net *net, struct sock *nlsk,
         struct nft_table *table;
         struct nft_ctx ctx;
  
+       if (!nla[NFTA_FLOWTABLE_TABLE] ||
+           (!nla[NFTA_FLOWTABLE_NAME] &&
+            !nla[NFTA_FLOWTABLE_HANDLE]))
+               return -EINVAL;
+
         table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE],
                                        family, genmask);
         if (IS_ERR(table))
author	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 26 Feb 2018 12:16:05 +0000 (13:16 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 27 Feb 2018 07:06:57 +0000 (08:06 +0100)