diff options
| author | Fernando Fernandez Mancera <[email protected]> | 2019-09-04 14:29:07 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <[email protected]> | 2019-09-05 13:40:27 +0200 |
| commit | aa4095a156b56b00ca202d482b40d191ef5c54e8 (patch) | |
| tree | ecc33ed2faaa21413fdf5b94f4a1194b999ba169 | |
| parent | 85936e56e92375661cc15ee29223a40dcfc99455 (diff) | |
netfilter: nf_tables: fix possible null-pointer dereference in object update
Not all objects have an update operation. If the object type doesn't
implement an update operation and the user tries to update it will hit
EOPNOTSUPP.
Fixes: d62d0ba97b58 ("netfilter: nf_tables: Introduce stateful object update operation")
Signed-off-by: Fernando Fernandez Mancera <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index cf767bc58e18..013d28899cab 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -5140,6 +5140,9 @@ static int nf_tables_updobj(const struct nft_ctx *ctx, struct nft_trans *trans; int err; + if (!obj->ops->update) + return -EOPNOTSUPP; + trans = nft_trans_alloc(ctx, NFT_MSG_NEWOBJ, sizeof(struct nft_trans_obj)); if (!trans) |