From 516fb0143deb92bff9615e3a3cfd8bf26d3ee0ba Mon Sep 17 00:00:00 2001
From: James Henstridge <james.henstridge@canonical.com>
Date: Thu, 12 May 2022 16:24:53 +0800
Subject: [PATCH] db: return EINVAL if there are any unknown flags set in the
 comparison op

Signed-off-by: James Henstridge <james.henstridge@canonical.com>
---
 src/db.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/db.c b/src/db.c
index e5975884..f9af89b3 100644
--- a/src/db.c
+++ b/src/db.c
@@ -2331,6 +2331,11 @@ int db_col_rule_add(struct db_filter_col *col,
 				rc = -EINVAL;
 				goto add_return;
 			}
+                        /* Check that no unknown flags are specified in the op */
+                        if ((arg_data.op & ~(SCMP_CMP_OPMASK | SCMP_CMP_32BIT)) != 0) {
+                            rc = -EINVAL;
+                            goto add_return;
+                        }
 		} else {
 			rc = -EINVAL;
 			goto add_return;