Commit 9fedd894 authored Nov 02, 2019 by Fernando Fernandez Mancera Committed by Pablo Neira Ayuso Nov 04, 2019

netfilter: nf_tables: fix unexpected EOPNOTSUPP error

If the object type doesn't implement an update operation and the user tries to
update it will silently ignore the update operation.

Fixes: aa4095a1 ("netfilter: nf_tables: fix possible null-pointer dereference in object update")
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent 250367c5

net/netfilter/nf_tables_api.c

+2 −4

Original line number	Diff line number	Diff line
		@@ -5143,9 +5143,6 @@ static int nf_tables_updobj(const struct nft_ctx *ctx,
		struct nft_trans *trans;
		int err;

		if (!obj->ops->update)
		return -EOPNOTSUPP;

		trans = nft_trans_alloc(ctx, NFT_MSG_NEWOBJ,
		sizeof(struct nft_trans_obj));
		if (!trans)
		@@ -6499,6 +6496,7 @@ static void nft_obj_commit_update(struct nft_trans *trans)
		obj = nft_trans_obj(trans);
		newobj = nft_trans_obj_newobj(trans);

		if (obj->ops->update)
		obj->ops->update(obj, newobj);

		kfree(newobj);