From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 22 Sep 2010 06:35:36 +0000 (+0200)
Subject: netfilter: ctnetlink: missing validation of CTA_EXPECT_ZONE attribute
X-Git-Tag: v2.6.37-rc1~147^2~3^2~43
X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=bcac0dfab191cb53b3f9b43c8014a34070ed58ff;p=karo-tx-linux.git

netfilter: ctnetlink: missing validation of CTA_EXPECT_ZONE attribute

This patch adds the missing validation of the CTA_EXPECT_ZONE
attribute in the ctnetlink code.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 5bae1cd15eea..37533a30413b 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1733,6 +1733,7 @@ static const struct nla_policy exp_nla_policy[CTA_EXPECT_MAX+1] = {
 	[CTA_EXPECT_TIMEOUT]	= { .type = NLA_U32 },
 	[CTA_EXPECT_ID]		= { .type = NLA_U32 },
 	[CTA_EXPECT_HELP_NAME]	= { .type = NLA_NUL_STRING },
+	[CTA_EXPECT_ZONE]	= { .type = NLA_U16 },
 };
 
 static int