Skip to content

Commit fbcd5f4

Browse files
Phil Sutterummakynes
Phil Sutter
authored and
ummakynes
committed
netfilter: nf_tables: Allow table names of up to 255 chars
Allocate all table names dynamically to allow for arbitrary lengths but introduce NFT_NAME_MAXLEN as an upper sanity boundary. It's value was chosen to allow using a domain name as per RFC 1035. Signed-off-by: Phil Sutter <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]>
1 parent 5a35fd1 commit fbcd5f4

File tree

4 files changed

+40
-16
lines changed

4 files changed

+40
-16
lines changed

include/net/netfilter/nf_tables.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -957,7 +957,7 @@ struct nft_table {
957957
u32 use;
958958
u16 flags:14,
959959
genmask:2;
960-
char name[NFT_TABLE_MAXNAMELEN];
960+
char *name;
961961
};
962962

963963
enum nft_af_flags {

include/uapi/linux/netfilter/nf_tables.h

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,8 @@
11
#ifndef _LINUX_NF_TABLES_H
22
#define _LINUX_NF_TABLES_H
33

4-
#define NFT_TABLE_MAXNAMELEN 32
4+
#define NFT_NAME_MAXLEN 256
5+
#define NFT_TABLE_MAXNAMELEN NFT_NAME_MAXLEN
56
#define NFT_CHAIN_MAXNAMELEN 32
67
#define NFT_SET_MAXNAMELEN 32
78
#define NFT_OBJ_MAXNAMELEN 32

net/netfilter/nf_tables_api.c

Lines changed: 36 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -726,7 +726,10 @@ static int nf_tables_newtable(struct net *net, struct sock *nlsk,
726726
if (table == NULL)
727727
goto err2;
728728

729-
nla_strlcpy(table->name, name, NFT_TABLE_MAXNAMELEN);
729+
table->name = nla_strdup(name, GFP_KERNEL);
730+
if (table->name == NULL)
731+
goto err3;
732+
730733
INIT_LIST_HEAD(&table->chains);
731734
INIT_LIST_HEAD(&table->sets);
732735
INIT_LIST_HEAD(&table->objects);
@@ -735,10 +738,12 @@ static int nf_tables_newtable(struct net *net, struct sock *nlsk,
735738
nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla);
736739
err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE);
737740
if (err < 0)
738-
goto err3;
741+
goto err4;
739742

740743
list_add_tail_rcu(&table->list, &afi->tables);
741744
return 0;
745+
err4:
746+
kfree(table->name);
742747
err3:
743748
kfree(table);
744749
err2:
@@ -865,6 +870,7 @@ static void nf_tables_table_destroy(struct nft_ctx *ctx)
865870
{
866871
BUG_ON(ctx->table->use > 0);
867872

873+
kfree(ctx->table->name);
868874
kfree(ctx->table);
869875
module_put(ctx->afi->owner);
870876
}
@@ -1972,7 +1978,7 @@ static void nf_tables_rule_notify(const struct nft_ctx *ctx,
19721978
}
19731979

19741980
struct nft_rule_dump_ctx {
1975-
char table[NFT_TABLE_MAXNAMELEN];
1981+
char *table;
19761982
char chain[NFT_CHAIN_MAXNAMELEN];
19771983
};
19781984

@@ -1997,7 +2003,7 @@ static int nf_tables_dump_rules(struct sk_buff *skb,
19972003
continue;
19982004

19992005
list_for_each_entry_rcu(table, &afi->tables, list) {
2000-
if (ctx && ctx->table[0] &&
2006+
if (ctx && ctx->table &&
20012007
strcmp(ctx->table, table->name) != 0)
20022008
continue;
20032009

@@ -2037,7 +2043,12 @@ static int nf_tables_dump_rules(struct sk_buff *skb,
20372043

20382044
static int nf_tables_dump_rules_done(struct netlink_callback *cb)
20392045
{
2040-
kfree(cb->data);
2046+
struct nft_rule_dump_ctx *ctx = cb->data;
2047+
2048+
if (ctx) {
2049+
kfree(ctx->table);
2050+
kfree(ctx);
2051+
}
20412052
return 0;
20422053
}
20432054

@@ -2069,9 +2080,14 @@ static int nf_tables_getrule(struct net *net, struct sock *nlsk,
20692080
if (!ctx)
20702081
return -ENOMEM;
20712082

2072-
if (nla[NFTA_RULE_TABLE])
2073-
nla_strlcpy(ctx->table, nla[NFTA_RULE_TABLE],
2074-
sizeof(ctx->table));
2083+
if (nla[NFTA_RULE_TABLE]) {
2084+
ctx->table = nla_strdup(nla[NFTA_RULE_TABLE],
2085+
GFP_KERNEL);
2086+
if (!ctx->table) {
2087+
kfree(ctx);
2088+
return -ENOMEM;
2089+
}
2090+
}
20752091
if (nla[NFTA_RULE_CHAIN])
20762092
nla_strlcpy(ctx->chain, nla[NFTA_RULE_CHAIN],
20772093
sizeof(ctx->chain));
@@ -4410,7 +4426,7 @@ static int nf_tables_fill_obj_info(struct sk_buff *skb, struct net *net,
44104426
}
44114427

44124428
struct nft_obj_filter {
4413-
char table[NFT_OBJ_MAXNAMELEN];
4429+
char *table;
44144430
u32 type;
44154431
};
44164432

@@ -4475,7 +4491,10 @@ static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb)
44754491

44764492
static int nf_tables_dump_obj_done(struct netlink_callback *cb)
44774493
{
4478-
kfree(cb->data);
4494+
struct nft_obj_filter *filter = cb->data;
4495+
4496+
kfree(filter->table);
4497+
kfree(filter);
44794498

44804499
return 0;
44814500
}
@@ -4489,9 +4508,13 @@ nft_obj_filter_alloc(const struct nlattr * const nla[])
44894508
if (!filter)
44904509
return ERR_PTR(-ENOMEM);
44914510

4492-
if (nla[NFTA_OBJ_TABLE])
4493-
nla_strlcpy(filter->table, nla[NFTA_OBJ_TABLE],
4494-
NFT_TABLE_MAXNAMELEN);
4511+
if (nla[NFTA_OBJ_TABLE]) {
4512+
filter->table = nla_strdup(nla[NFTA_OBJ_TABLE], GFP_KERNEL);
4513+
if (!filter->table) {
4514+
kfree(filter);
4515+
return ERR_PTR(-ENOMEM);
4516+
}
4517+
}
44954518
if (nla[NFTA_OBJ_TYPE])
44964519
filter->type = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE]));
44974520

net/netfilter/nf_tables_trace.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -175,7 +175,7 @@ void nft_trace_notify(struct nft_traceinfo *info)
175175
return;
176176

177177
size = nlmsg_total_size(sizeof(struct nfgenmsg)) +
178-
nla_total_size(NFT_TABLE_MAXNAMELEN) +
178+
nla_total_size(strlen(info->chain->table->name)) +
179179
nla_total_size(NFT_CHAIN_MAXNAMELEN) +
180180
nla_total_size_64bit(sizeof(__be64)) + /* rule handle */
181181
nla_total_size(sizeof(__be32)) + /* trace type */

0 commit comments

Comments
 (0)