netfilter: nf_tables: validate maximum value of u32 netlink attributes

[mirror_ubuntu-artful-kernel.git] / net / netfilter / nft_immediate.c

diff --git a/net/netfilter/nft_immediate.c b/net/netfilter/nft_immediate.c
index db3b746858e35a008ad0668f42e6037e36e1f80e..d17018ff54e6e67accc7f60e22f3cbfea6adfa94 100644 (file)
--- a/net/netfilter/nft_immediate.c
+++ b/net/netfilter/nft_immediate.c
@@ -53,6 +53,10 @@ static int nft_immediate_init(const struct nft_ctx *ctx,
                            tb[NFTA_IMMEDIATE_DATA]);
        if (err < 0)
                return err;
+
+       if (desc.len > U8_MAX)
+               return -ERANGE;
+
        priv->dlen = desc.len;
 
        priv->dreg = nft_parse_register(tb[NFTA_IMMEDIATE_DREG]);