netfilter: nf_log: validate nf_logger_find_get()
author Pablo Neira Ayuso <pablo@netfilter.org>
Mon, 29 Jan 2024 19:24:25 +0000 (20:24 +0100)
committer Florian Westphal <fw@strlen.de>
Wed, 21 Feb 2024 10:57:11 +0000 (11:57 +0100)
Sanitize nf_logger_find_get() input parameters, no caller in the tree
passes invalid values.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
net/netfilter/nf_log.c

index e0bfeb75766ffa2ce00cd5205701a8746d613363..370f8231385cab3a0ddcfb44e4a7a4bbdcd78a38 100644 (file)
@@ -156,6 +156,11 @@ int nf_logger_find_get(int pf, enum nf_log_type type)
        struct nf_logger *logger;
        int ret = -ENOENT;
 
+       if (pf >= ARRAY_SIZE(loggers))
+               return -EINVAL;
+       if (type >= NF_LOG_TYPE_MAX)
+               return -EINVAL;
+
        if (pf == NFPROTO_INET) {
                ret = nf_logger_find_get(NFPROTO_IPV4, type);
                if (ret < 0)
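
Review bot: The new `pf >= ARRAY_SIZE(loggers)` check rejects a negative `pf` only through implicit conversion, since `pf` is declared `int` in the signature and is compared against the unsigned result of ARRAY_SIZE(). The result is correct, but the lower bound is not visible to a reader; either write `pf < 0 || pf >= ARRAY_SIZE(loggers)` or add a one-line comment saying negative values are caught by the unsigned comparison. The same applies to `type >= NF_LOG_TYPE_MAX`, where the signedness of the enum is left to the compiler. Since these paths now return -EINVAL while `ret` defaults to -ENOENT, the commit message could also say whether any caller distinguishes the two error codes.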