netfilter: nft_log: check the validity of log level

User can specify the log level larger than 7(debug level) via nfnetlink, this is invalid. So in this case, we should report EINVAL to the userspace. Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Liping Zhang <liping.zhang@spreadtrum.com> 2016-07-18 20:44:16 +0800
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2016-07-21 02:32:33 +0200
commit: 1bc4e0136cb32282d7968e11cfabc40763fdb03c (patch)
tree: 1d46c4bf8ee592f1ba69761f0c93349959adabae
parent: c2d9a4293ced88d7dad7c35c893a31f49f8b64f5 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/net/netfilter/nft_log.c b/net/netfilter/nft_log.c
index e1b34ff0ebd03..5f6f088ff06e0 100644
--- a/net/netfilter/nft_log.c
+++ b/net/netfilter/nft_log.c
@@ -79,6 +79,11 @@ static int nft_log_init(const struct nft_ctx *ctx,
 		} else {
 			li->u.log.level = LOGLEVEL_WARNING;
 		}
+		if (li->u.log.level > LOGLEVEL_DEBUG) {
+			err = -EINVAL;
+			goto err1;
+		}
+
 		if (tb[NFTA_LOG_FLAGS] != NULL) {
 			li->u.log.logflags =
 				ntohl(nla_get_be32(tb[NFTA_LOG_FLAGS]));
author	Liping Zhang <liping.zhang@spreadtrum.com>	2016-07-18 20:44:16 +0800
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2016-07-21 02:32:33 +0200
commit	1bc4e0136cb32282d7968e11cfabc40763fdb03c (patch)
tree	1d46c4bf8ee592f1ba69761f0c93349959adabae
parent	c2d9a4293ced88d7dad7c35c893a31f49f8b64f5 (diff)