netfilter: nf_tables: fix chain filter in nf_tables_dump_rules()

ctx->chain may be null now that we have very large object names, so we cannot check for ctx->chain[0] here. Fixes: b7263e071aba7 ("netfilter: nf_tables: Allow table names of up to 255 chars") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Phil Sutter <phil@nwl.cc>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2017-12-19 12:01:21 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2017-12-21 00:15:11 +0100
commit: 24c0df82ef7919e4d10cf2e4e65d368eb2e8ea21 (patch)
tree: fa2e3a41f2c9c59bf759e70a78823ca34646c55d /net
parent: ipv4: Fix use-after-free when flushing FIB tables (diff)
download: linux-dev-24c0df82ef7919e4d10cf2e4e65d368eb2e8ea21.tar.xz
linux-dev-24c0df82ef7919e4d10cf2e4e65d368eb2e8ea21.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 10798b357481..8d4526651661 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2072,7 +2072,7 @@ static int nf_tables_dump_rules(struct sk_buff *skb,
 				continue;
 
 			list_for_each_entry_rcu(chain, &table->chains, list) {
-				if (ctx && ctx->chain[0] &&
+				if (ctx && ctx->chain &&
 				    strcmp(ctx->chain, chain->name) != 0)
 					continue;
author	Pablo Neira Ayuso <pablo@netfilter.org>	2017-12-19 12:01:21 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2017-12-21 00:15:11 +0100
commit	24c0df82ef7919e4d10cf2e4e65d368eb2e8ea21 (patch)
tree	fa2e3a41f2c9c59bf759e70a78823ca34646c55d /net
parent	ipv4: Fix use-after-free when flushing FIB tables (diff)
download	linux-dev-24c0df82ef7919e4d10cf2e4e65d368eb2e8ea21.tar.xz linux-dev-24c0df82ef7919e4d10cf2e4e65d368eb2e8ea21.zip