Since
4fefee5 ("netfilter: nf_tables: allow to delete several objects
from a batch"), every new rule bumps the chain use counter. However,
this is limited to 16 bits, which means that it will overrun after
2^16 rules.
Use a u32 chain counter and check for overflows (just like we do for
table objects).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* @net: net namespace that this chain belongs to
* @table: table that this chain belongs to
* @handle: chain handle
- * @flags: bitmask of enum nft_chain_flags
* @use: number of jump references to this chain
* @level: length of longest path to this chain
+ * @flags: bitmask of enum nft_chain_flags
* @name: name of the chain
*/
struct nft_chain {
struct net *net;
struct nft_table *table;
u64 handle;
- u8 flags;
- u16 use;
+ u32 use;
u16 level;
+ u8 flags;
char name[NFT_CHAIN_MAXNAMELEN];
};
if (!create || nlh->nlmsg_flags & NLM_F_REPLACE)
return -EINVAL;
handle = nf_tables_alloc_handle(table);
+
+ if (chain->use == UINT_MAX)
+ return -EOVERFLOW;
}
if (nla[NFTA_RULE_POSITION]) {
projects / users / willy / pagecache.git / commitdiff