netfilter: nf_tables: Allow object names of up to 255 chars
Same conversion as for table names, use NFT_NAME_MAXLEN as upper boundary as well. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent
387454901b
commit
6150957521
|
@ -1016,7 +1016,7 @@ int nft_verdict_dump(struct sk_buff *skb, int type,
|
||||||
*/
|
*/
|
||||||
struct nft_object {
|
struct nft_object {
|
||||||
struct list_head list;
|
struct list_head list;
|
||||||
char name[NFT_OBJ_MAXNAMELEN];
|
char *name;
|
||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
u32 genmask:2,
|
u32 genmask:2,
|
||||||
use:30;
|
use:30;
|
||||||
|
|
|
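Review bot: The kerneldoc for struct nft_object, which ends just above this hunk, should record that `name` is now a separately allocated string owned by the object, for example `@name: name of this stateful object (heap-allocated, freed in nft_obj_destroy())`. With the array replaced by `char *name`, any `sizeof(obj->name)` left in code outside this diff would silently evaluate to the pointer size, so those callers are worth a grep. The struct definition continues past the end of the hunk.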
@ -5,7 +5,7 @@
|
||||||
#define NFT_TABLE_MAXNAMELEN NFT_NAME_MAXLEN
|
#define NFT_TABLE_MAXNAMELEN NFT_NAME_MAXLEN
|
||||||
#define NFT_CHAIN_MAXNAMELEN NFT_NAME_MAXLEN
|
#define NFT_CHAIN_MAXNAMELEN NFT_NAME_MAXLEN
|
||||||
#define NFT_SET_MAXNAMELEN NFT_NAME_MAXLEN
|
#define NFT_SET_MAXNAMELEN NFT_NAME_MAXLEN
|
||||||
#define NFT_OBJ_MAXNAMELEN 32
|
#define NFT_OBJ_MAXNAMELEN NFT_NAME_MAXLEN
|
||||||
#define NFT_USERDATA_MAXLEN 256
|
#define NFT_USERDATA_MAXLEN 256
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
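Review bot: Raising `NFT_OBJ_MAXNAMELEN` from 32 to `NFT_NAME_MAXLEN` changes how long a name a dump can return to programs that sized fixed buffers from the old value. This appears to be the header userspace builds against; if so, a comment on the define would help, for example `/* was 32; object names are variable-length now, do not size fixed buffers from an older copy of this header */`. The commit description could also state that binaries built against the old limit may receive longer names than they expect.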
@ -4402,15 +4402,21 @@ static int nf_tables_newobj(struct net *net, struct sock *nlsk,
|
||||||
goto err1;
|
goto err1;
|
||||||
}
|
}
|
||||||
obj->table = table;
|
obj->table = table;
|
||||||
nla_strlcpy(obj->name, nla[NFTA_OBJ_NAME], NFT_OBJ_MAXNAMELEN);
|
obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL);
|
||||||
|
if (!obj->name) {
|
||||||
|
err = -ENOMEM;
|
||||||
|
goto err2;
|
||||||
|
}
|
||||||
|
|
||||||
err = nft_trans_obj_add(&ctx, NFT_MSG_NEWOBJ, obj);
|
err = nft_trans_obj_add(&ctx, NFT_MSG_NEWOBJ, obj);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
goto err2;
|
goto err3;
|
||||||
|
|
||||||
list_add_tail_rcu(&obj->list, &table->objects);
|
list_add_tail_rcu(&obj->list, &table->objects);
|
||||||
table->use++;
|
table->use++;
|
||||||
return 0;
|
return 0;
|
||||||
|
err3:
|
||||||
|
kfree(obj->name);
|
||||||
err2:
|
err2:
|
||||||
if (obj->type->destroy)
|
if (obj->type->destroy)
|
||||||
obj->type->destroy(obj);
|
obj->type->destroy(obj);
|
||||||
|
@ -4626,6 +4632,7 @@ static void nft_obj_destroy(struct nft_object *obj)
|
||||||
obj->type->destroy(obj);
|
obj->type->destroy(obj);
|
||||||
|
|
||||||
module_put(obj->type->owner);
|
module_put(obj->type->owner);
|
||||||
|
kfree(obj->name);
|
||||||
kfree(obj);
|
kfree(obj);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
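Review bot: In the nf_tables_newobj hunk, `nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL)` sizes the allocation from the attribute itself, so the only remaining cap on an object name is the netlink policy entry for NFTA_OBJ_NAME, which is not part of this diff. The removed `nla_strlcpy(..., NFT_OBJ_MAXNAMELEN)` truncated regardless of policy, so please confirm the policy entry carries `.len = NFT_OBJ_MAXNAMELEN - 1` and that userspace cannot request an arbitrarily long allocation. A smaller point: `err3` frees `obj->name` before `obj->type->destroy(obj)` runs, while nft_obj_destroy frees it after the destroy call. That is harmless as long as no destroy callback reads the name, but a short comment at `err3` saying so, or using the same order in both places, would settle it. Both functions start and end outside their hunks.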