diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index e8624c751ec6ec95279e926d6b235db525fa896a..41abb8281a4c2aa7fa48af9ad3bf810d71734768 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1794,6 +1794,10 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb,
 n++;
 }
 }
+ /* Check for overflow of dlen field */
+ err = -EFBIG;
+ if (size >= 1 << 12)
+ goto err1;
 if (nla[NFTA_RULE_USERDATA])
 ulen = nla_len(nla[NFTA_RULE_USERDATA]);
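Review bot: The bound `1 << 12` in the added `if (size >= 1 << 12)` is a bare literal that must stay equal to the capacity of the dlen field, whose declaration is not in this hunk, so a later change to that field's width would silently make the check wrong. I would tie the two together with a named constant defined beside the field, for example `#define <DLEN_LIMIT_PLACEHOLDER> (1 << 12)`, and test `size >= <DLEN_LIMIT_PLACEHOLDER>` here. The comment could also say why the check matters, e.g. `/* size presumably derives from the netlink request; reject it before it is truncated into dlen */`, assuming size is later stored into dlen as the existing comment implies. nf_tables_newrule starts and ends outside the hunk, so the `err1` unwind path and the place where dlen is written cannot be checked from here.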