]> git.proxmox.com Git - mirror_ubuntu-kernels.git/commit
projects / mirror_ubuntu-kernels.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bddc894) | patch
netfilter: nf_tables: validate catch-all set elements
authorPablo Neira Ayuso <pablo@netfilter.org>
Mon, 17 Apr 2023 10:14:29 +0000 (12:14 +0200)
committerStefan Bader <stefan.bader@canonical.com>
Fri, 16 Jun 2023 12:57:53 +0000 (14:57 +0200)
commit83ec265c7e697e89891d3a07052af5fbffa163d7
treebb25afd97330509be41c28c7fb64483ea93188d0tree
parentbddc8945cd3e7dfbca7725f1b4b1c52e5afb784dcommit | diff
netfilter: nf_tables: validate catch-all set elements

BugLink: https://bugs.launchpad.net/bugs/2023929
[ Upstream commit d46fc894147cf98dd6e8210aa99ed46854191840 ]

catch-all set element might jump/goto to chain that uses expressions
that require validation.

Fixes: aaa31047a6d2 ("netfilter: nftables: add catch-all set element support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
include/net/netfilter/nf_tables.h diff | blob | blame | history
net/netfilter/nf_tables_api.c diff | blob | blame | history
net/netfilter/nft_lookup.c diff | blob | blame | history
Ubuntu combined Linux kernel mirror