netfilter: nft_log: check the validity of log level

User can specify the log level larger than 7(debug level) via nfnetlink, this is invalid. So in this case, we should report EINVAL to the userspace. Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Liping Zhang <liping.zhang@spreadtrum.com> 2016-07-18 12:44:16 (GMT)
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2016-07-21 00:32:33 (GMT)
commit: 1bc4e0136cb32282d7968e11cfabc40763fdb03c (patch)
tree: 1d46c4bf8ee592f1ba69761f0c93349959adabae /net
parent: c2d9a4293ced88d7dad7c35c893a31f49f8b64f5 (diff)
download: linux-1bc4e0136cb32282d7968e11cfabc40763fdb03c.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/net/netfilter/nft_log.c b/net/netfilter/nft_log.c
index e1b34ff..5f6f088 100644
--- a/net/netfilter/nft_log.c
+++ b/net/netfilter/nft_log.c
@@ -79,6 +79,11 @@ static int nft_log_init(const struct nft_ctx *ctx,
 		} else {
 			li->u.log.level = LOGLEVEL_WARNING;
 		}
+		if (li->u.log.level > LOGLEVEL_DEBUG) {
+			err = -EINVAL;
+			goto err1;
+		}
+
 		if (tb[NFTA_LOG_FLAGS] != NULL) {
 			li->u.log.logflags =
 				ntohl(nla_get_be32(tb[NFTA_LOG_FLAGS]));
author	Liping Zhang <liping.zhang@spreadtrum.com>	2016-07-18 12:44:16 (GMT)
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2016-07-21 00:32:33 (GMT)
commit	1bc4e0136cb32282d7968e11cfabc40763fdb03c (patch)
tree	1d46c4bf8ee592f1ba69761f0c93349959adabae /net
parent	c2d9a4293ced88d7dad7c35c893a31f49f8b64f5 (diff)
download	linux-1bc4e0136cb32282d7968e11cfabc40763fdb03c.tar.xz