netfilter: nf_tables_offload: check for register data length mismatches

Make sure register data length does not mismatch immediate data length, otherwise hit EOPNOTSUPP. Fixes: c9626a2cbdb2 ("netfilter: nf_tables: add hardware offload support") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2019-10-28 15:07:06 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2019-11-04 18:31:17 +0100
commit: de2a60522343a6cab998f61fd906eae445b19963 (patch)
tree: 7371b190093334ef0c9475a51281e0138b6fe5e4 /net/netfilter/nft_cmp.c
parent: 1204c70d9dcba31164f78ad5d8c88c42335d51f8 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nft_cmp.c b/net/netfilter/nft_cmp.c
index bd173b1824c6..0744b2bb46da 100644
--- a/net/netfilter/nft_cmp.c
+++ b/net/netfilter/nft_cmp.c
@@ -116,7 +116,7 @@ static int __nft_cmp_offload(struct nft_offload_ctx *ctx,
 	u8 *mask = (u8 *)&flow->match.mask;
 	u8 *key = (u8 *)&flow->match.key;
 
-	if (priv->op != NFT_CMP_EQ)
+	if (priv->op != NFT_CMP_EQ || reg->len != priv->len)
 		return -EOPNOTSUPP;
 
 	memcpy(key + reg->offset, &priv->data, priv->len);
author	Pablo Neira Ayuso <pablo@netfilter.org>	2019-10-28 15:07:06 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-11-04 18:31:17 +0100
commit	de2a60522343a6cab998f61fd906eae445b19963 (patch)
tree	7371b190093334ef0c9475a51281e0138b6fe5e4 /net/netfilter/nft_cmp.c
parent	1204c70d9dcba31164f78ad5d8c88c42335d51f8 (diff)