| From 860c6b29dfe82fdb8b4af6bfdfb1176fc92205c6 Mon Sep 17 00:00:00 2001 |
| From: Jakub Kicinski <kuba@kernel.org> |
| Date: Mon, 2 Mar 2020 21:08:32 -0800 |
| Subject: [PATCH] netfilter: nft_payload: add missing attribute validation for |
| payload csum flags |
| |
| commit 9d6effb2f1523eb84516e44213c00f2fd9e6afff upstream. |
| |
| Add missing attribute validation for NFTA_PAYLOAD_CSUM_FLAGS |
| to the netlink policy. |
| |
| Fixes: 1814096980bb ("netfilter: nft_payload: layer 4 checksum adjustment for pseudoheader fields") |
| Signed-off-by: Jakub Kicinski <kuba@kernel.org> |
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c |
| index 680bd9f38a81..f2ab0066e7a7 100644 |
| --- a/net/netfilter/nft_payload.c |
| +++ b/net/netfilter/nft_payload.c |
| @@ -118,6 +118,7 @@ static const struct nla_policy nft_payload_policy[NFTA_PAYLOAD_MAX + 1] = { |
| [NFTA_PAYLOAD_LEN] = { .type = NLA_U32 }, |
| [NFTA_PAYLOAD_CSUM_TYPE] = { .type = NLA_U32 }, |
| [NFTA_PAYLOAD_CSUM_OFFSET] = { .type = NLA_U32 }, |
| + [NFTA_PAYLOAD_CSUM_FLAGS] = { .type = NLA_U32 }, |
| }; |
| |
| static int nft_payload_init(const struct nft_ctx *ctx, |
| -- |
| 2.7.4 |
| |
