diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-06-27 18:51:39 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-06-30 11:44:24 +0200 |
| commit | 63283dd21ed2bf25a71909a820ed3e8fe412e15d (patch) | |
| tree | 4ea57690fa3009f5737fbab3385b595f518844c1 /net | |
| parent | e940f5d6ba6a01f8dbb870854d5205d322452730 (diff) | |
| download | linux-63283dd21ed2bf25a71909a820ed3e8fe412e15d.tar.gz | |
netfilter: nf_tables: skip transaction if no update flags in tables
Skip transaction handling for table updates with no changes in the flags. This fixes a crash when passing the table flag with all bits unset. Reported-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index ab4566cfcbe4..da5dc37a7402 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -407,6 +407,9 @@ static int nf_tables_updtable(struct nft_ctx *ctx) if (flags & ~NFT_TABLE_F_DORMANT) return -EINVAL; + if (flags == ctx->table->flags) + return 0; + trans = nft_trans_alloc(ctx, NFT_MSG_NEWTABLE, sizeof(struct nft_trans_table)); if (trans == NULL) |