Commit 1bc4e013 authored by Liping Zhang, committed by Pablo Neira Ayuso

netfilter: nft_log: check the validity of log level

A user can specify a log level larger than 7 (debug level) via
nfnetlink; this is invalid. So in this case, we should report
EINVAL to userspace.

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent c2d9a429
...@@ -79,6 +79,11 @@ static int nft_log_init(const struct nft_ctx *ctx, ...@@ -79,6 +79,11 @@ static int nft_log_init(const struct nft_ctx *ctx,
} else { } else {
li->u.log.level = LOGLEVEL_WARNING; li->u.log.level = LOGLEVEL_WARNING;
} }
if (li->u.log.level > LOGLEVEL_DEBUG) {
err = -EINVAL;
goto err1;
}
if (tb[NFTA_LOG_FLAGS] != NULL) { if (tb[NFTA_LOG_FLAGS] != NULL) {
li->u.log.logflags = li->u.log.logflags =
ntohl(nla_get_be32(tb[NFTA_LOG_FLAGS])); ntohl(nla_get_be32(tb[NFTA_LOG_FLAGS]));
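
Review bot: The new range check on li->u.log.level is placed after the if/else, so it also runs on the default path where the level was just set to the constant LOGLEVEL_WARNING; moving it into the branch that reads the user-supplied value would keep the validation next to the input it validates. The comparison `> LOGLEVEL_DEBUG` only rejects values above the maximum, which is sufficient only if the level field is unsigned; its type is not visible in this hunk, so please confirm that. Since `goto err1` is a new exit path, also confirm that err1 releases everything nft_log_init has allocated by this point.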