Skip to content
Commit 33d1c018 authored by Dan Carpenter's avatar Dan Carpenter Committed by Pablo Neira Ayuso
Browse files

netfilter: nf_tables: prevent shift wrap in nft_chain_parse_hook() 



I believe that "hook->num" can be up to UINT_MAX.  Shifting more than
31 bits would is undefined in C but in practice it would lead to shift
wrapping.  That would lead to an array overflow in nf_tables_addchain():

	ops->hook       = hook.type->hooks[ops->hooknum];

Fixes: fe19c04c ("netfilter: nf_tables: remove nhooks field from struct nft_af_info")
Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 3c791076
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment