diff options
| author | Pablo Neira Ayuso | 2017-05-01 05:58:50 -0500 |
|---|---|---|
| committer | Pablo Neira Ayuso | 2017-05-03 03:58:00 -0500 |
| commit | 9744a6fcefcb4d56501d69adb04c24559d353cad (patch) | |
| tree | 679f52405bc4a0003dc105908b207a31dfd211ff /net | |
| parent | 1519fccb34371594f6a629bfad69605bc6f9dde3 (diff) | |
| download | kernel-9744a6fcefcb4d56501d69adb04c24559d353cad.tar.gz kernel-9744a6fcefcb4d56501d69adb04c24559d353cad.tar.xz kernel-9744a6fcefcb4d56501d69adb04c24559d353cad.zip | |
netfilter: nf_tables: check if same extensions are set when adding elements
If no NLM_F_EXCL is set and the element already exists in the set, make
sure that both elements have the same extensions.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 434c739dfeca..11a96e8dd3cd 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c | |||
| @@ -3749,6 +3749,11 @@ static int nft_add_set_elem(struct nft_ctx *ctx, struct nft_set *set, | |||
| 3749 | err = set->ops->insert(ctx->net, set, &elem, &ext2); | 3749 | err = set->ops->insert(ctx->net, set, &elem, &ext2); |
| 3750 | if (err) { | 3750 | if (err) { |
| 3751 | if (err == -EEXIST) { | 3751 | if (err == -EEXIST) { |
| 3752 | if (nft_set_ext_exists(ext, NFT_SET_EXT_DATA) ^ | ||
| 3753 | nft_set_ext_exists(ext2, NFT_SET_EXT_DATA) || | ||
| 3754 | nft_set_ext_exists(ext, NFT_SET_EXT_OBJREF) ^ | ||
| 3755 | nft_set_ext_exists(ext2, NFT_SET_EXT_OBJREF)) | ||
| 3756 | return -EBUSY; | ||
| 3752 | if ((nft_set_ext_exists(ext, NFT_SET_EXT_DATA) && | 3757 | if ((nft_set_ext_exists(ext, NFT_SET_EXT_DATA) && |
| 3753 | nft_set_ext_exists(ext2, NFT_SET_EXT_DATA) && | 3758 | nft_set_ext_exists(ext2, NFT_SET_EXT_DATA) && |
| 3754 | memcmp(nft_set_ext_data(ext), | 3759 | memcmp(nft_set_ext_data(ext), |