From c47ec2b120b4a9d573e65baa33ff3f542f7ba273 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Mon, 29 Jan 2024 20:24:25 +0100 Subject: [PATCH] netfilter: nf_log: validate nf_logger_find_get() Sanitize nf_logger_find_get() input parameters, no caller in the tree passes invalid values. Signed-off-by: Pablo Neira Ayuso Signed-off-by: Florian Westphal --- net/netfilter/nf_log.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c index e0bfeb75766f..370f8231385c 100644 --- a/net/netfilter/nf_log.c +++ b/net/netfilter/nf_log.c @@ -156,6 +156,11 @@ int nf_logger_find_get(int pf, enum nf_log_type type) struct nf_logger *logger; int ret = -ENOENT; + if (pf >= ARRAY_SIZE(loggers)) + return -EINVAL; + if (type >= NF_LOG_TYPE_MAX) + return -EINVAL; + if (pf == NFPROTO_INET) { ret = nf_logger_find_get(NFPROTO_IPV4, type); if (ret < 0)