Re: [PATCH] netfilter: xt_HL: add pr_fmt, default case and NULL checks

Next message: pr-tracker-bot: "Re: [GIT PULL] SPI fixes for v7.0-rc6"
Previous message: Dmitry Baryshkov: "Re: [PATCH] arm64: dts: qcom: sc8280xp: Add ADSP FastRPC node"
In reply to: Marino Dzalto: "[PATCH] netfilter: xt_HL: add pr_fmt, default case and NULL checks"
Next in thread: Pablo Neira Ayuso: "Re: [PATCH] netfilter: xt_HL: add pr_fmt, default case and NULL checks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Florian Westphal

Date: Fri Apr 03 2026 - 15:51:41 EST

Marino Dzalto <marino.dzalto@xxxxxxxxx> wrote:
> Signed-off-by: Marino Dzalto <marino.dzalto@xxxxxxxxx>
> ---
> net/netfilter/xt_hl.c | 25 +++++++++++++++++++------
> 1 file changed, 19 insertions(+), 6 deletions(-)
>
> diff --git a/net/netfilter/xt_hl.c b/net/netfilter/xt_hl.c
> index c1a70f8f0..9434d5ca8 100644
> --- a/net/netfilter/xt_hl.c
> +++ b/net/netfilter/xt_hl.c
> @@ -6,6 +6,7 @@
> * Hop Limit matching module
> * (C) 2001-2002 Maciej Soltysiak <solt@xxxxxxxxxxxxxxxxx>
> */
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
>
> #include <linux/ip.h>
> #include <linux/ipv6.h>
> @@ -25,7 +26,12 @@ MODULE_ALIAS("ip6t_hl");
> static bool ttl_mt(const struct sk_buff *skb, struct xt_action_param *par)
> {
> const struct ipt_ttl_info *info = par->matchinfo;
> - const u8 ttl = ip_hdr(skb)->ttl;
> + const u8 ttl;
> +
> + if (!skb)
> + return false;

If this was NULL we'd have crashed already.

> case IPT_TTL_GT:
> return ttl > info->ttl;
> + default:
> + pr_warn("Unknown TTL match mode: %d\n", info->mode);
> + return false;

Please add a .checkentry function and reject this from there.