[PATCH nf] netfilter: nf_tables: validate NFTA_SET_TABLE parameter

If the NFTA_SET_TABLE parameter is missing and the NLM_F_DUMP flag is not set, then a NULL pointer dereference is triggered in nf_tables_set_lookup because ctx.table is NULL. Signed-off-by: Phil Turnbull <phil.turnb...@oracle.com> --- net/netfilter/nf_tables_api.c | 2 ++ 1 file chan

[PATCH nf] netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter

If a quota bit is set in NFACCT_FLAGS but the NFACCT_QUOTA parameter is missing then a NULL pointer dereference is triggered. CAP_NET_ADMIN is required to trigger the bug. Signed-off-by: Phil Turnbull <phil.turnb...@oracle.com> --- net/netfilter/nfnetlink_acct.c | 2 ++ 1 file chan

[PATCH nf] netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters

nfacct_filter_alloc doesn't validate the NFACCT_FILTER_MASK and NFACCT_FILTER_VALUE parameters which can trigger a NULL pointer dereference. CAP_NET_ADMIN is required to trigger the bug. Signed-off-by: Phil Turnbull <phil.turnb...@oracle.com> --- net/netfilter/nfnetlink_acct.c | 3 +++