Commit 74784da8 authored by David S. Miller's avatar David S. Miller
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 



Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains two one-liner fixes for your net tree,
they are:

1) Disable fast hash operations for 2-bytes length keys which is leading
   to incorrect lookups in nf_tables, from Anatole Denis.

2) Reload pointer ipv4 header after ip_route_me_harder() given this may
   result in use-after-free due to skbuff header reallocation, patch
   from Tejaswi Tanikella.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 18129a24 7400bb4b

net/ipv4/netfilter/nf_reject_ipv4.c

+2 −0
Original line number Diff line number Diff line
@@ -132,6 +132,8 @@ void nf_send_reset(struct net *net, struct sk_buff *oldskb, int hook) 
	if (ip_route_me_harder(net, nskb, RTN_UNSPEC))

		goto free_nskb;



	niph = ip_hdr(nskb);



	/* "Never happens" */

	if (nskb->len > dst_mtu(skb_dst(nskb)))

		goto free_nskb;

net/netfilter/nft_set_hash.c

+0 −1
Original line number Diff line number Diff line
@@ -643,7 +643,6 @@ nft_hash_select_ops(const struct nft_ctx *ctx, const struct nft_set_desc *desc, 
{

	if (desc->size) {

		switch (desc->klen) {

		case 2:

		case 4:

			return &nft_hash_fast_ops;

		default:

CRA Git | Maintained and supported by SUSTech CRA and CCSE