netfilter: nft_redir: correct length for loading protocol registers
The values in the protocol registers are two bytes wide.  However, when
parsing the register loads, the code currently uses the larger 16-byte
size of a `union nf_inet_addr`.  Change it to use the (correct) size of
a `union nf_conntrack_man_proto` instead.

Fixes: d07db98 ("netfilter: nf_tables: introduce nft_validate_register_load()")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden authored and Pablo Neira Ayuso committed Mar 8, 2023
1 parent ec2c591 commit 1f617b6
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion net/netfilter/nft_redir.c
Expand Up @@ -48,7 +48,7 @@ static int nft_redir_init(const struct nft_ctx *ctx,
unsigned int plen;
int err;

plen = sizeof_field(struct nf_nat_range, min_addr.all);
plen = sizeof_field(struct nf_nat_range, min_proto.all);
if (tb[NFTA_REDIR_REG_PROTO_MIN]) {
err = nft_parse_register_load(tb[NFTA_REDIR_REG_PROTO_MIN],
&priv->sreg_proto_min, plen);
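
Review bot: On the `plen = sizeof_field(struct nf_nat_range, min_proto.all);` assignment, the commit message describes the size of a `union nf_conntrack_man_proto` while the code measures that union's `.all` member; the two agree only as long as no union member is wider than `.all`. Either take `sizeof_field(struct nf_nat_range, min_proto)` to match the message, or add a one-line comment above the assignment saying the register holds a two-byte protocol value. The visible context ends at the `NFTA_REDIR_REG_PROTO_MIN` load, so it is also worth confirming that any later register load in `nft_redir_init()` that reuses `plen` consumes only two bytes, because `plen` is the length handed to `nft_parse_register_load()` for checking the source register.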