diff mbox series

[next] etfilter: fix array index out-of-bounds error

Message ID 20210608153408.160652-1-colin.king@canonical.com
State New
Headers show
Series [next] etfilter: fix array index out-of-bounds error | expand

Commit Message

Colin King June 8, 2021, 3:34 p.m. UTC 
From: Colin Ian King <colin.king@canonical.com>

Currently the array net->nf.hooks_ipv6 is accessed by index hook
before hook is sanity checked. Fix this by moving the sanity check
to before the array access.

Addresses-Coverity: ("Out-of-bounds access")
Fixes: e2cf17d3774c ("netfilter: add new hook nfnl subsystem")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 net/netfilter/nfnetlink_hook.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Pablo Neira Ayuso June 9, 2021, 7:33 p.m. UTC | #1 
On Tue, Jun 08, 2021 at 04:34:08PM +0100, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>

> 

> Currently the array net->nf.hooks_ipv6 is accessed by index hook

> before hook is sanity checked. Fix this by moving the sanity check

> to before the array access.


Applied, thanks.
diff mbox series

Patch

diff --git a/net/netfilter/nfnetlink_hook.c b/net/netfilter/nfnetlink_hook.c
index 04586dfa2acd..58fda6ac663b 100644
--- a/net/netfilter/nfnetlink_hook.c
+++ b/net/netfilter/nfnetlink_hook.c
@@ -181,9 +181,9 @@  nfnl_hook_entries_head(u8 pf, unsigned int hook, struct net *net, const char *de
 		hook_head = rcu_dereference(net->nf.hooks_ipv4[hook]);
 		break;
 	case NFPROTO_IPV6:
-		hook_head = rcu_dereference(net->nf.hooks_ipv6[hook]);
 		if (hook >= ARRAY_SIZE(net->nf.hooks_ipv6))
 			return ERR_PTR(-EINVAL);
+		hook_head = rcu_dereference(net->nf.hooks_ipv6[hook]);
 		break;
 	case NFPROTO_ARP:
 #ifdef CONFIG_NETFILTER_FAMILY_ARP