From: Liping Zhang Date: Mon, 18 Jul 2016 12:44:16 +0000 (+0800) Subject: netfilter: nft_log: check the validity of log level X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=1bc4e0136cb32282d7968e11cfabc40763fdb03c;p=linux-beck.git netfilter: nft_log: check the validity of log level User can specify the log level larger than 7(debug level) via nfnetlink, this is invalid. So in this case, we should report EINVAL to the userspace. Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso --- diff --git a/net/netfilter/nft_log.c b/net/netfilter/nft_log.c index e1b34ff0ebd0..5f6f088ff06e 100644 --- a/net/netfilter/nft_log.c +++ b/net/netfilter/nft_log.c @@ -79,6 +79,11 @@ static int nft_log_init(const struct nft_ctx *ctx, } else { li->u.log.level = LOGLEVEL_WARNING; } + if (li->u.log.level > LOGLEVEL_DEBUG) { + err = -EINVAL; + goto err1; + } + if (tb[NFTA_LOG_FLAGS] != NULL) { li->u.log.logflags = ntohl(nla_get_be32(tb[NFTA_LOG_FLAGS]));
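Review bot: the new `li->u.log.level > LOGLEVEL_DEBUG` check in nft_log_init() is placed after the closing brace of the if/else, so it also runs on the default path where the level was just set to LOGLEVEL_WARNING and can never fail. Moving it into the branch that reads the user-supplied level would keep the validation next to the untrusted netlink input and make the intent clearer. The check is upper-bound only, which is sufficient only if the level field is an unsigned type; the hunk does not show the declaration, so that is worth confirming or noting in a comment. It should also be confirmed that `goto err1` releases everything allocated earlier in the function, since the label and its cleanup are outside the visible context. The commit message says a level above 7 is invalid but not what an out-of-range value does once it is accepted; a sentence on the consequence, and a Fixes: tag if this traces to a specific commit, would help stable maintainers decide on backporting.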