UPSTREAM: netfilter: nf_tables: bail out on mismatching dynset and set expressions
[ Upstream commit 3701cd39 ] If dynset expressions provided by userspace is larger than the declared set expressions, then bail out. Bug: 316085841 Fixes: 48b0ae04 ("netfilter: nftables: netlink support for several set element expressions") Reported-by:Xingyuan Mo <hdthky0@gmail.com> Signed-off-by:
Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by:
Sasha Levin <sashal@kernel.org> (cherry picked from commit cf5f113c) Signed-off-by:
Lee Jones <joneslee@google.com> Change-Id: I4bd3f7e9148d4bc12bbc67ecdd605c2957eb8010
Loading