netfilter: nft_log: check the validity of log level
Users can specify a log level larger than 7 (debug level) via
nfnetlink; this is invalid. So in this case, we should report
EINVAL to userspace.

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Liping Zhang authored and Pablo Neira Ayuso committed Jul 21, 2016
1 parent c2d9a42 commit 1bc4e01
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions net/netfilter/nft_log.c
Expand Up @@ -79,6 +79,11 @@ static int nft_log_init(const struct nft_ctx *ctx,
} else {
li->u.log.level = LOGLEVEL_WARNING;
}
if (li->u.log.level > LOGLEVEL_DEBUG) {
err = -EINVAL;
goto err1;
}

if (tb[NFTA_LOG_FLAGS] != NULL) {
li->u.log.logflags =
ntohl(nla_get_be32(tb[NFTA_LOG_FLAGS]));
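Review bot: the new test on li->u.log.level sits after the closing brace of the if/else, so it also runs on the default path where the level was just set to LOGLEVEL_WARNING and can never fail. Moving it into the branch that takes the level from the netlink attribute would tie the validation to the user-supplied value it is meant to cover. The comparison only bounds the upper end (> LOGLEVEL_DEBUG), which is sufficient only if the level field is unsigned; that type is not visible in this hunk and should be confirmed. The same goes for the err1 label: the hunk does not show what it unwinds, so check that it releases everything set up earlier in nft_log_init before this early exit.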