projects / deliverable / linux.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
netfilter: ctnetlink: don't permit ct creation with random tuple
[deliverable/linux.git] / net / netfilter / nf_conntrack_netlink.c
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 627b0e50b2389120e86ed107a3af01d690e07a29..a081915e0531879fe013176b26c4bfa096115143 100644 (file)
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1705,6 +1705,9 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
                if (nlh->nlmsg_flags & NLM_F_CREATE) {
                        enum ip_conntrack_events events;
 
+                       if (!cda[CTA_TUPLE_ORIG] || !cda[CTA_TUPLE_REPLY])
+                               return -EINVAL;
+
                        ct = ctnetlink_create_conntrack(net, zone, cda, &otuple,
                                                        &rtuple, u3);
                        if (IS_ERR(ct))
Linux kernel - Deliverables
This page took 0.061969 seconds and 5 git commands to generate.