Received: by 2002:a05:7412:3210:b0:e2:908c:2ebd with SMTP id eu16csp668067rdb; Fri, 1 Sep 2023 00:01:49 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFORCh3jny58JYh+MdpgVC4QnKkikGw1/N76HqjBuHBpAYzFfuv2HfveDxrZG6SnjnqLPEs X-Received: by 2002:a17:906:224a:b0:9a1:b144:30f0 with SMTP id 10-20020a170906224a00b009a1b14430f0mr1248703ejr.53.1693551709620; Fri, 01 Sep 2023 00:01:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1693551709; cv=none; d=google.com; s=arc-20160816; b=twvDmq60H66Ock/Ch6RMORtD59FjqiZYQKQoIpm5LTz9PfbyUNmfguhE2RBiU9idji imSFKp32J60GtbMUhfmR3qJ1hOMIOQRTNTMhDmI5qwzPTmzzJJSq8Rhy/35DOdOVyQc/ BlqR5JTMYRQg3NzhFakkyNbM0zkQh0p3Xu+200hdr2QafX4shNA5M9wlgVGTPhR7PFmY 4WNsg7umrQm/Kj9DAQd53r91kmZEmoelBUIC0BSjrZMJ6k3RyLEwA2ZDAv+XzuupudqG ChLD/CZ+I4gToc6nLpV/S2U1hvShT2FH+kiRg7zwxUV/6o1j5NimLHJZag19oYK6V3hs FRTg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=1nScea7GAuAVQI1BdmHIX0FYfzL7wLV/7QkcTcvCWL4=; fh=BI+T4F8SA0SHDb6m7HWfv63JWeI34VTzFV+4LHBcWNU=; b=i2GlSrL7m+uJfVKFQF1wPZBzmJRBoRxdy3xbD9Zk9nPXAUxMeisjYvWJNTMxriP+fu zefeCPPax1iDHJVDmF45RncnIvm5YqCc72BXP8rAxX3iCoNSc6xSFeo1hLehugzfxkGl W75uQgxx/kqCPkNF7DnHoBb5A8SWEURFORlCwazdFUMbjr1eCsODA0aRCpC+wBpfOGia sbtq8VDcSWTUojCBKLbfeqT3a3RByU7gzdI1fem+8d6I7wb/b0JRp7thUMuZ7UXObZPh hxCtoiL+fIqgM2cZBq8epouUgMeKwCm+UNu/OPtYXYPuDWaIsdZySRbg6g9PfH0cxW+R niow== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i17-20020a170906265100b00977e10fafd3si1916755ejc.1045.2023.09.01.00.01.22; Fri, 01 Sep 2023 00:01:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348005AbjIABEk (ORCPT + 99 others); Thu, 31 Aug 2023 21:04:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56338 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1347966AbjIABEh (ORCPT ); Thu, 31 Aug 2023 21:04:37 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.120]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DDE74E6A; Thu, 31 Aug 2023 18:04:34 -0700 (PDT) X-IronPort-AV: E=McAfee;i="6600,9927,10819"; a="375009845" X-IronPort-AV: E=Sophos;i="6.02,218,1688454000"; d="scan'208";a="375009845" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 31 Aug 2023 18:04:33 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10819"; a="733361469" X-IronPort-AV: E=Sophos;i="6.02,218,1688454000"; d="scan'208";a="733361469" Received: from pinksteam.jf.intel.com ([10.165.239.231]) by orsmga007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 31 Aug 2023 18:04:31 -0700 From: joao@overdrivepizza.com To: pablo@netfilter.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, joao@overdrivepizza.com Cc: kadlec@netfilter.org, fw@strlen.de, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, rkannoth@marvell.com, wojciech.drewek@intel.com, steen.hegenlund@microhip.com, keescook@chromium.org, Joao Moreira Subject: [PATCH 2/2] Ensure num_actions is not a negative Date: Thu, 31 Aug 2023 18:04:37 -0700 Message-ID: <20230901010437.126631-3-joao@overdrivepizza.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230901010437.126631-1-joao@overdrivepizza.com> References: <20230901010437.126631-1-joao@overdrivepizza.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-3.4 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NEUTRAL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Joao Moreira In nft_flow_rule_create function, num_actions is a signed integer. Yet, it is processed within a loop which increments its value. To prevent an overflow from occurring, check if num_actions is not only equal to 0, but also not negative. After checking with maintainers, it was mentioned that front-end will cap the num_actions vlaue and that it is not possible to reach such condition for an overflow. Yet, for correctness, it is still better to fix this. Signed-off-by: Joao Moreira --- net/netfilter/nf_tables_offload.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c index 12ab78fa5d84..20dbc95de895 100644 --- a/net/netfilter/nf_tables_offload.c +++ b/net/netfilter/nf_tables_offload.c @@ -102,7 +102,7 @@ struct nft_flow_rule *nft_flow_rule_create(struct net *net, expr = nft_expr_next(expr); } - if (num_actions == 0) + if (num_actions <= 0) return ERR_PTR(-EOPNOTSUPP); flow = nft_flow_rule_alloc(num_actions); -- 2.41.0