Commit dfffaccf authored by Jakub Kicinski's avatar Jakub Kicinski
Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following batch contains one Netfilter fix:

1) Reject a mismatch between the sum of field_len and the set key length,
   so that a set cannot be created with an inconsistent pipapo rule width
   and set key length.

* tag 'nf-25-01-30' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: nf_tables: reject mismatching sum of field_len with set key length
====================

Link: https://patch.msgid.link/20250130113307.2327470-1-pablo@netfilter.org


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents d7dda216 1b9335a8
+4 −4
@@ -5078,7 +5078,7 @@ static int nft_set_desc_concat_parse(const struct nlattr *attr,
static int nft_set_desc_concat(struct nft_set_desc *desc,
			       const struct nlattr *nla)
{
	u32 num_regs = 0, key_num_regs = 0;
	u32 len = 0, num_regs;
	struct nlattr *attr;
	int rem, err, i;

@@ -5092,12 +5092,12 @@ static int nft_set_desc_concat(struct nft_set_desc *desc,
	}

	for (i = 0; i < desc->field_count; i++)
		num_regs += DIV_ROUND_UP(desc->field_len[i], sizeof(u32));
		len += round_up(desc->field_len[i], sizeof(u32));

	key_num_regs = DIV_ROUND_UP(desc->klen, sizeof(u32));
	if (key_num_regs != num_regs)
	if (len != desc->klen)
		return -EINVAL;

	num_regs = DIV_ROUND_UP(desc->klen, sizeof(u32));
	if (num_regs > NFT_REG32_COUNT)
		return -E2BIG;
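Review bot: The new `if (len != desc->klen)` check carries no comment explaining why each `field_len[i]` is rounded up to `sizeof(u32)` while `desc->klen` is compared unrounded, and that asymmetry is the invariant the fix relies on. I would add above the loop `/* Each field is padded to a whole 32-bit register; klen must equal the sum of the padded field lengths. */`. Once the check passes, `desc->klen` is necessarily a multiple of `sizeof(u32)`, so the following `DIV_ROUND_UP(desc->klen, sizeof(u32))` is an exact division. It follows that any caller supplying a key length not padded per field now gets `-EINVAL`, which is presumably intended but worth confirming against userspace. The middle and the end of `nft_set_desc_concat` lie outside the hunks shown.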