author Liping Zhang <zlpnobody@gmail.com> 2017-01-20 21:03:03 +0800
committer Pablo Neira Ayuso <pablo@netfilter.org> 2017-01-23 23:36:50 +0100
commit b2fbd04498789def80ceba3d5bbc5af7f2f70a5f (patch)
tree 7abd176fd1fd381b3bb355affb8bbaad268bb2f5 /include
parent e5072053b09642b8ff417d47da05b84720aea3ee (diff)
netfilter: nf_tables: validate the name size when possible
Currently, if the user adds a stateful object whose name size exceeds
NFT_OBJ_MAXNAMELEN - 1 (i.e. 31), we truncate it down to 31 silently.
This is not friendly; furthermore, this will cause duplicated stateful
objects when the first 31 characters of the names are the same. So limit
the stateful object's name size to NFT_OBJ_MAXNAMELEN - 1.

After applying this patch, an error message will be printed out like this:

  # name_32=$(printf "%0.sQ" {1..32})
  # nft add counter filter $name_32
  <cmdline>:1:1-52: Error: Could not process rule: Numerical result out of range
  add counter filter QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Also, this patch cleans up the code which is missing the name size limit
validation in nftables.

Fixes: e50092404c1b ("netfilter: nf_tables: add stateful objects")
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
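
A userspace model of the behaviour the commit message describes, added here as an example (it is not the kernel patch or any project code): a truncating store makes two distinct 32-character names collide, while a length check rejects them with -ERANGE. The helper names are hypothetical, and NFT_OBJ_MAXNAMELEN is assumed to be 32 from the message's "NFT_OBJ_MAXNAMELEN - 1 (i.e. 31)".

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#define NFT_OBJ_MAXNAMELEN 32 /* the message gives MAXNAMELEN - 1 == 31 */
/* Hypothetical helper, old behaviour: keep 31 bytes, silently drop the rest. */
static void store_truncating(char dst[NFT_OBJ_MAXNAMELEN], const char *src)
{
    strncpy(dst, src, NFT_OBJ_MAXNAMELEN - 1);
    dst[NFT_OBJ_MAXNAMELEN - 1] = '\0';
}

/* Hypothetical helper, validated behaviour: refuse a name that does not fit. */
static int store_validated(char dst[NFT_OBJ_MAXNAMELEN], const char *src)
{
    if (strlen(src) > NFT_OBJ_MAXNAMELEN - 1)
        return -ERANGE; /* strerror(ERANGE): "Numerical result out of range" */
    strcpy(dst, src);
    return 0;
}

/* Constructed sample input: (len - 1) 'Q' characters followed by `last`. */
static void make_name(char *out, size_t len, char last)
{
    memset(out, 'Q', len - 1);
    out[len - 1] = last; out[len] = '\0';
}

/* 1 if two different names of length `len` end up stored as one string. */
static int collide_when_truncated(size_t len)
{
    char a[64], b[64], sa[NFT_OBJ_MAXNAMELEN], sb[NFT_OBJ_MAXNAMELEN];
    make_name(a, len, 'A'); make_name(b, len, 'B');
    store_truncating(sa, a); store_truncating(sb, b);
    return strcmp(a, b) != 0 && strcmp(sa, sb) == 0;
}

/* Return code of the validated store for a constructed name of length `len`. */
static int validated_rc(size_t len)
{
    char name[64], dst[NFT_OBJ_MAXNAMELEN];
    make_name(name, len, 'A');
    return store_validated(dst, name);
}

int main(void)
{
    for (size_t len = 31; len <= 32; len++)
        printf("len %zu: collide=%d rc=%d\n", len, collide_when_truncated(len), validated_rc(len));
    return 0;
}
```

A 31-character name passes both paths unchanged; only at 32 characters does the truncating store merge the two names, which is the case the length check turns into an error.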
Diffstat (limited to 'include')
0 files changed, 0 insertions, 0 deletions