netfilter: nft_osf: add missing check for DREG attribute
syzbot reports just another NULL deref crash because of missing test
for presence of the attribute.

Reported-by: syzbot+cf23983d697c26c34f60@syzkaller.appspotmail.com
Fixes:  b96af92 ("netfilter: nf_tables: implement Passive OS fingerprint module in nft_osf")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Florian Westphal authored and Pablo Neira Ayuso committed Jan 18, 2020
1 parent e02d9c4 commit 7eaecf7
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions net/netfilter/nft_osf.c
Expand Up @@ -61,6 +61,9 @@ static int nft_osf_init(const struct nft_ctx *ctx,
int err;
u8 ttl;

if (!tb[NFTA_OSF_DREG])
return -EINVAL;

if (tb[NFTA_OSF_TTL]) {
ttl = nla_get_u8(tb[NFTA_OSF_TTL]);
if (ttl > 2)
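
Review bot: The new !tb[NFTA_OSF_DREG] test at the top of nft_osf_init() makes DREG mandatory, but neither the hunk context nor the commit message shows which later statement reads the attribute, so the patch alone does not explain why DREG is rejected with -EINVAL when absent while NFTA_OSF_TTL just below is treated as optional via "if (tb[NFTA_OSF_TTL])". Suggest naming the dereferencing call in the commit message or adding a one-line comment above the check, and confirming that no other tb[] entry in this function is read without a presence test first.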