netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_ch…

…ain() commit adc972c5b88829d38ede08b1069718661c7330ae upstream. When depth of chain is bigger than NFT_JUMP_STACK_SIZE, the nft_do_chain crashes. But there is no need to crash hard here. Suggested-by: Florian Westphal <[email protected]> Signed-off-by: Taehee Yoo <[email protected]> Acked-by: Florian Westphal <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
klaby · Jul 11, 2018 · 440bf5a · 440bf5a
1 parent 8391d38
commit 440bf5a
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c
@@ -185,7 +185,8 @@ nft_do_chain(struct nft_pktinfo *pkt, void *priv)
 
 	switch (regs.verdict.code) {
 	case NFT_JUMP:
-		BUG_ON(stackptr >= NFT_JUMP_STACK_SIZE);
+		if (WARN_ON_ONCE(stackptr >= NFT_JUMP_STACK_SIZE))
+			return NF_DROP;
 		jumpstack[stackptr].chain = chain;
 		jumpstack[stackptr].rule  = rule;
 		jumpstack[stackptr].rulenum = rulenum;