shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-06 19:08:57 +09:00
Code Issues Packages Projects Releases Wiki Activity

netfilter: nft_dynset: disallow object maps

Browse Source 
[ Upstream commit 23185c6aed ]

Do not allow to insert elements from datapath to objects maps.

Fixes: 8aeff920dc ("netfilter: nf_tables: add stateful object reference to set elements")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Pablo Neira Ayuso
2023-08-15 15:39:02 +02:00
committed by Greg Kroah-Hartman
parent 49f57a9087
commit a7653eaea0
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
net/netfilter/nft_dynset.c
View File

@@ -138,6 +138,9 @@ static int nft_dynset_init(const struct nft_ctx *ctx,
if (IS_ERR(set)) if (IS_ERR(set))
return PTR_ERR(set); return PTR_ERR(set);
if (set->flags & NFT_SET_OBJECT)
return -EOPNOTSUPP;
if (set->ops->update == NULL) if (set->ops->update == NULL)
return -EOPNOTSUPP; return -EOPNOTSUPP;