diff options
author | Liping Zhang <liping.zhang@spreadtrum.com> | 2016-07-18 12:44:16 (GMT) |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-07-21 00:32:33 (GMT) |
commit | 1bc4e0136cb32282d7968e11cfabc40763fdb03c (patch) | |
tree | 1d46c4bf8ee592f1ba69761f0c93349959adabae /net | |
parent | c2d9a4293ced88d7dad7c35c893a31f49f8b64f5 (diff) | |
download | linux-1bc4e0136cb32282d7968e11cfabc40763fdb03c.tar.xz |
netfilter: nft_log: check the validity of log level
User can specify the log level larger than 7(debug level) via
nfnetlink, this is invalid. So in this case, we should report
EINVAL to the userspace.
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nft_log.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/net/netfilter/nft_log.c b/net/netfilter/nft_log.c index e1b34ff..5f6f088 100644 --- a/net/netfilter/nft_log.c +++ b/net/netfilter/nft_log.c @@ -79,6 +79,11 @@ static int nft_log_init(const struct nft_ctx *ctx, } else { li->u.log.level = LOGLEVEL_WARNING; } + if (li->u.log.level > LOGLEVEL_DEBUG) { + err = -EINVAL; + goto err1; + } + if (tb[NFTA_LOG_FLAGS] != NULL) { li->u.log.logflags = ntohl(nla_get_be32(tb[NFTA_LOG_FLAGS])); |