From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 29 Jan 2024 19:24:25 +0000 (+0100)
Subject: netfilter: nf_log: validate nf_logger_find_get()
X-Git-Tag: v6.9-rc1~159^2~195^2~9
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c47ec2b120b4a9d573e65baa33ff3f542f7ba273;p=thirdparty%2Flinux.git

netfilter: nf_log: validate nf_logger_find_get()

Sanitize nf_logger_find_get() input parameters, no caller in the tree
passes invalid values.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
---

diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index e0bfeb75766ff..370f8231385ca 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -156,6 +156,11 @@ int nf_logger_find_get(int pf, enum nf_log_type type)
 	struct nf_logger *logger;
 	int ret = -ENOENT;
 
+	if (pf >= ARRAY_SIZE(loggers))
+		return -EINVAL;
+	if (type >= NF_LOG_TYPE_MAX)
+		return -EINVAL;
+
 	if (pf == NFPROTO_INET) {
 		ret = nf_logger_find_get(NFPROTO_IPV4, type);
 		if (ret < 0)