]> git.proxmox.com Git - mirror_ubuntu-disco-kernel.git/commit
projects / mirror_ubuntu-disco-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 91c1a09) | patch
netfilter: fix wrong arithmetics regarding NFT_REJECT_ICMPX_MAX
authorPablo Neira Ayuso <pablo@netfilter.org>
Tue, 7 Oct 2014 17:02:11 +0000 (19:02 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 7 Oct 2014 18:16:31 +0000 (20:16 +0200)
commitf0d1f04f0a2f662b6b617e24d115fddcf6ef8723
tree32d914b7f1baa5a5d5c01936616425226143c234tree
parent91c1a09b33c902e20e09d9742560cc238a714de5commit | diff
netfilter: fix wrong arithmetics regarding NFT_REJECT_ICMPX_MAX

NFT_REJECT_ICMPX_MAX should be __NFT_REJECT_ICMPX_MAX - 1.

nft_reject_icmp_code() and nft_reject_icmpv6_code() are called from the
packet path, so BUG_ON in case we try to access an unknown abstracted
ICMP code. This should not happen since we already validate this from
nft_reject_{inet,bridge}_init().

Fixes: 51b0a5d ("netfilter: nft_reject: introduce icmp code abstraction for inet and bridge")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/uapi/linux/netfilter/nf_tables.h diff | blob | blame | history
net/netfilter/nft_reject.c diff | blob | blame | history
Ubuntu Disco kernel mirror for Proxmox VE and PMG