git.ipfire.org Git - thirdparty/kernel/stable-queue.git/blob

   1 From 4963674c2e71fc062f8f089f0f58ffbb5533060b Mon Sep 17 00:00:00 2001
   2 From: Pablo Neira Ayuso <pablo@netfilter.org>
   3 Date: Tue, 9 Aug 2022 13:39:18 +0200
   4 Subject: netfilter: nf_tables: disallow NFTA_SET_ELEM_KEY_END with NFT_SET_ELEM_INTERVAL_END flag
   5
   6 From: Pablo Neira Ayuso <pablo@netfilter.org>
   7
   8 commit 4963674c2e71fc062f8f089f0f58ffbb5533060b upstream.
   9
  10 These are mutually exclusive, actually NFTA_SET_ELEM_KEY_END replaces
  11 the flag notation.
  12
  13 Fixes: 7b225d0b5c6d ("netfilter: nf_tables: add NFTA_SET_ELEM_KEY_END attribute")
  14 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  15 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  16 ---
  17  net/netfilter/nf_tables_api.c |    1 +
  18  1 file changed, 1 insertion(+)
  19
  20 --- a/net/netfilter/nf_tables_api.c
  21 +++ b/net/netfilter/nf_tables_api.c
  22 @@ -5855,6 +5855,7 @@ static int nft_add_set_elem(struct nft_c
  23               nla[NFTA_SET_ELEM_EXPIRATION] ||
  24               nla[NFTA_SET_ELEM_USERDATA] ||
  25               nla[NFTA_SET_ELEM_EXPR] ||
  26 +             nla[NFTA_SET_ELEM_KEY_END] ||
  27               nla[NFTA_SET_ELEM_EXPRESSIONS]))
  28                 return -EINVAL;
  29