projects / deliverable / linux.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
netfilter: ensure number of counters is >0 in do_replace()
[deliverable/linux.git] / net / bridge / netfilter / ebtables.c
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 91180a7fc94376ea3ca7eecf274c03c3bc919590..24c7c96bf5f8fc9a2929e6e8a1f18017f880bdd7 100644 (file)
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -1117,6 +1117,8 @@ static int do_replace(struct net *net, const void __user *user,
                return -ENOMEM;
        if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
                return -ENOMEM;
+       if (tmp.num_counters == 0)
+               return -EINVAL;
 
        tmp.name[sizeof(tmp.name) - 1] = 0;
 
@@ -2159,6 +2161,8 @@ static int compat_copy_ebt_replace_from_user(struct ebt_replace *repl,
                return -ENOMEM;
        if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
                return -ENOMEM;
+       if (tmp.num_counters == 0)
+               return -EINVAL;
 
        memcpy(repl, &tmp, offsetof(struct ebt_replace, hook_entry));
 
Linux kernel - Deliverables
This page took 0.044008 seconds and 5 git commands to generate.