summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2014-06-27 18:51:39 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2014-06-30 11:44:24 +0200
commit63283dd21ed2bf25a71909a820ed3e8fe412e15d (patch)
tree4ea57690fa3009f5737fbab3385b595f518844c1 /net
parente940f5d6ba6a01f8dbb870854d5205d322452730 (diff)
downloadlinux-63283dd21ed2bf25a71909a820ed3e8fe412e15d.tar.bz2
netfilter: nf_tables: skip transaction if no update flags in tables
Skip transaction handling for table updates with no changes in the flags. This fixes a crash when passing the table flag with all bits unset. Reported-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r--net/netfilter/nf_tables_api.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index ab4566cfcbe4..da5dc37a7402 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -407,6 +407,9 @@ static int nf_tables_updtable(struct nft_ctx *ctx)
if (flags & ~NFT_TABLE_F_DORMANT)
return -EINVAL;
+ if (flags == ctx->table->flags)
+ return 0;
+
trans = nft_trans_alloc(ctx, NFT_MSG_NEWTABLE,
sizeof(struct nft_trans_table));
if (trans == NULL)