[PATCH 1/2] netfilter: nf_tables: fix wrong length for jump/goto verdicts

[Pablo Neira Ayuso]

From: Florian Westphal <f...@strlen.de>

NFT_JUMP/GOTO erronously sets length to sizeof(void *).

We then allocate insufficient memory when such element is added to a vmap.

Suggested-by: Patrick McHardy <ka...@trash.net>
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
 net/netfilter/nf_tables_api.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 78af83b..ad9d11f 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -4340,7 +4340,6 @@ static int nft_verdict_init(const struct nft_ctx *ctx, 
struct nft_data *data,
        case NFT_CONTINUE:
        case NFT_BREAK:
        case NFT_RETURN:
-               desc->len = sizeof(data->verdict);
                break;
        case NFT_JUMP:
        case NFT_GOTO:
@@ -4355,10 +4354,10 @@ static int nft_verdict_init(const struct nft_ctx *ctx, 
struct nft_data *data,
 
                chain->use++;
                data->verdict.chain = chain;
-               desc->len = sizeof(data);
                break;
        }
 
+       desc->len = sizeof(data->verdict);
        desc->type = NFT_DATA_VERDICT;
        return 0;
 }
-- 
1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html