diff options
| author |   Patrick McHardy <kaber@trash.net> | 2015-03-21 15:19:16 +0000 |
|---|---|---|
| committer |   Pablo Neira Ayuso <pablo@netfilter.org> | 2015-03-22 19:50:35 +0100 |
| commit | 55df35d22fe3433032d82b8c67dfd283cb071953 (patch) | |
| tree | 62a1a23f2fac7b2451b0b0f2a8c6d9885e21d12e | |
| parent | netfilter: nft_rbtree: fix locking (diff) | |
| download | linux-dev-55df35d22fe3433032d82b8c67dfd283cb071953.tar.xz linux-dev-55df35d22fe3433032d82b8c67dfd283cb071953.zip | |
netfilter: nf_tables: reject NFT_SET_ELEM_INTERVAL_END flag for non-interval sets
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index a072d8769b9b..f7e3371ce856 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -3138,6 +3138,9 @@ static int nft_add_set_elem(struct nft_ctx *ctx, struct nft_set *set, elem.flags = ntohl(nla_get_be32(nla[NFTA_SET_ELEM_FLAGS])); if (elem.flags & ~NFT_SET_ELEM_INTERVAL_END) return -EINVAL; + if (!(set->flags & NFT_SET_INTERVAL) && + elem.flags & NFT_SET_ELEM_INTERVAL_END) + return -EINVAL; } if (set->flags & NFT_SET_MAP) { |