[PATCH nf-next 1/2] netfilter: nf_log: consolidate check for NULL logger in lookup function

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH nf-next 1/2] netfilter: nf_log: consolidate check for NULL logger in lookup function
@ 2024-01-29 19:24 Pablo Neira Ayuso
  2024-01-29 19:24 ` [PATCH nf-next 2/2] netfilter: nf_log: validate nf_logger_find_get() Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: Pablo Neira Ayuso @ 2024-01-29 19:24 UTC (permalink / raw)
  To: netfilter-devel

Consolidate pointer fetch to logger and check for NULL in
__find_logger().

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nf_log.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index e16f158388bb..e0bfeb75766f 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -31,10 +31,10 @@ static struct nf_logger *__find_logger(int pf, const char *str_logger)
 	int i;
 
 	for (i = 0; i < NF_LOG_TYPE_MAX; i++) {
-		if (loggers[pf][i] == NULL)
+		log = nft_log_dereference(loggers[pf][i]);
+		if (!log)
 			continue;
 
-		log = nft_log_dereference(loggers[pf][i]);
 		if (!strncasecmp(str_logger, log->name, strlen(log->name)))
 			return log;
 	}
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* [PATCH nf-next 2/2] netfilter: nf_log: validate nf_logger_find_get()
  2024-01-29 19:24 [PATCH nf-next 1/2] netfilter: nf_log: consolidate check for NULL logger in lookup function Pablo Neira Ayuso
@ 2024-01-29 19:24 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2024-01-29 19:24 UTC (permalink / raw)
  To: netfilter-devel

Sanitize nf_logger_find_get() input parameters, no caller in the tree
passes invalid values.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nf_log.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index e0bfeb75766f..370f8231385c 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -156,6 +156,11 @@ int nf_logger_find_get(int pf, enum nf_log_type type)
 	struct nf_logger *logger;
 	int ret = -ENOENT;
 
+	if (pf >= ARRAY_SIZE(loggers))
+		return -EINVAL;
+	if (type >= NF_LOG_TYPE_MAX)
+		return -EINVAL;
+
 	if (pf == NFPROTO_INET) {
 		ret = nf_logger_find_get(NFPROTO_IPV4, type);
 		if (ret < 0)
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2024-01-29 19:24 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-01-29 19:24 [PATCH nf-next 1/2] netfilter: nf_log: consolidate check for NULL logger in lookup function Pablo Neira Ayuso
2024-01-29 19:24 ` [PATCH nf-next 2/2] netfilter: nf_log: validate nf_logger_find_get() Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).