netfilter: xt_recent: check for unsupported user space flags
Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
Родитель
0079c5aee3
Коммит
606a9a0263
|
@ -20,6 +20,9 @@ enum {
|
||||||
/* Only allowed with --rcheck and --update */
|
/* Only allowed with --rcheck and --update */
|
||||||
#define XT_RECENT_MODIFIERS (XT_RECENT_TTL|XT_RECENT_REAP)
|
#define XT_RECENT_MODIFIERS (XT_RECENT_TTL|XT_RECENT_REAP)
|
||||||
|
|
||||||
|
#define XT_RECENT_VALID_FLAGS (XT_RECENT_CHECK|XT_RECENT_SET|XT_RECENT_UPDATE|\
|
||||||
|
XT_RECENT_REMOVE|XT_RECENT_TTL|XT_RECENT_REAP)
|
||||||
|
|
||||||
struct xt_recent_mtinfo {
|
struct xt_recent_mtinfo {
|
||||||
__u32 seconds;
|
__u32 seconds;
|
||||||
__u32 hit_count;
|
__u32 hit_count;
|
||||||
|
|
|
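Review bot: XT_RECENT_VALID_FLAGS is added without a comment, although the XT_RECENT_MODIFIERS define just above it has one, and the mask repeats the flag list by hand. A flag added to the enum later but not to this mask would be rejected by the new test in recent_mt_check(); that fails closed, which is the safe direction, but it will surprise whoever adds the flag. I would put `/* All flags user space may set in check_set; keep in sync with the enum above */` over the define. The enum begins outside the hunk, so the six names listed here cannot be checked against it from this view.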
@ -319,6 +319,11 @@ static bool recent_mt_check(const struct xt_mtchk_param *par)
|
||||||
get_random_bytes(&hash_rnd, sizeof(hash_rnd));
|
get_random_bytes(&hash_rnd, sizeof(hash_rnd));
|
||||||
hash_rnd_inited = true;
|
hash_rnd_inited = true;
|
||||||
}
|
}
|
||||||
|
if (info->check_set & ~XT_RECENT_VALID_FLAGS) {
|
||||||
|
pr_info(KBUILD_MODNAME ": Unsupported user space flags "
|
||||||
|
"(%08x)\n", info->check_set);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
if (hweight8(info->check_set &
|
if (hweight8(info->check_set &
|
||||||
(XT_RECENT_SET | XT_RECENT_REMOVE |
|
(XT_RECENT_SET | XT_RECENT_REMOVE |
|
||||||
XT_RECENT_CHECK | XT_RECENT_UPDATE)) != 1)
|
XT_RECENT_CHECK | XT_RECENT_UPDATE)) != 1)
|
||||||
|
|
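Review bot: The pr_info() in the new `check_set` test is not rate limited, and the check runs whenever user space asks for a rule using this match, so a caller permitted to load rules can repeat a rejected request and fill the kernel log. Consider `pr_info_ratelimited(KBUILD_MODNAME ": Unsupported user space flags (%08x)\n", info->check_set);`, or guard the message with `net_ratelimit()` if the tree does not have that macro. Keeping the format string on one line also leaves the message greppable. The `%08x` width looks wider than the value needs, given that it is passed to hweight8() right after, though the field's declaration is outside the hunk. recent_mt_check() starts and ends outside the hunk.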