netfilter: x_physdev: reject empty or not-nul terminated device names
authorFlorian Westphal <fw@strlen.de>
Sat, 28 Mar 2026 22:00:31 +0000 (23:00 +0100)
committerFlorian Westphal <fw@strlen.de>
Fri, 10 Apr 2026 10:16:26 +0000 (12:16 +0200)
Reject names that lack a \0 character and reject the empty string as
well. iptables allows this but it fails to re-parse iptables-save output
that contains such rules.

Signed-off-by: Florian Westphal <fw@strlen.de>
net/netfilter/xt_physdev.c

index 343e65f377d442a9fda9e3556b04cbb7fea20174..53997771013f6776b7dcbd2bcd7595fb8acb3667 100644 (file)
@@ -107,6 +107,28 @@ static int physdev_mt_check(const struct xt_mtchk_param *par)
                return -EINVAL;
        }
 
+#define X(memb) strnlen(info->memb, sizeof(info->memb)) >= sizeof(info->memb)
+       if (info->bitmask & XT_PHYSDEV_OP_IN) {
+               if (info->physindev[0] == '\0')
+                       return -EINVAL;
+               if (X(physindev))
+                       return -ENAMETOOLONG;
+       }
+
+       if (info->bitmask & XT_PHYSDEV_OP_OUT) {
+               if (info->physoutdev[0] == '\0')
+                       return -EINVAL;
+
+               if (X(physoutdev))
+                       return -ENAMETOOLONG;
+       }
+
+       if (X(in_mask))
+               return -ENAMETOOLONG;
+       if (X(out_mask))
+               return -ENAMETOOLONG;
+#undef X
+
        if (!brnf_probed) {
                brnf_probed = true;
                request_module("br_netfilter");
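Review bot: The in_mask and out_mask length checks at the end of the added block run unconditionally, while the device-name checks above them are gated on XT_PHYSDEV_OP_IN / XT_PHYSDEV_OP_OUT; a rule without the corresponding flag that carries an unused, non-zeroed mask is now rejected with -ENAMETOOLONG where it was accepted before. If userspace always zero-fills the match info this is harmless, but moving `if (X(in_mask)) return -ENAMETOOLONG;` into the OP_IN block (and the out_mask check into the OP_OUT block) would keep the validation aligned with the fields the match actually reads. As a style point the helper macro's expansion is not parenthesised; `#define X(memb) (strnlen(info->memb, sizeof(info->memb)) >= sizeof(info->memb))` avoids precedence surprises should it ever be used outside a bare `if`. physdev_mt_check starts before this hunk and continues past it.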