]> git.proxmox.com Git - mirror_ubuntu-kernels.git/commit
projects / mirror_ubuntu-kernels.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c55c0e9) | patch
netfilter: nf_tables: validate catch-all set elements
authorPablo Neira Ayuso <pablo@netfilter.org>
Mon, 17 Apr 2023 10:14:29 +0000 (12:14 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 18 Apr 2023 07:12:22 +0000 (09:12 +0200)
commitd46fc894147cf98dd6e8210aa99ed46854191840
tree2fbd07e6a402920e533d3fb11667ae7d7b0aa333tree
parentc55c0e91c813589dc55bea6bf9a9fbfaa10ae41dcommit | diff
netfilter: nf_tables: validate catch-all set elements

catch-all set element might jump/goto to chain that uses expressions
that require validation.

Fixes: aaa31047a6d2 ("netfilter: nftables: add catch-all set element support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nf_tables.h diff | blob | blame | history
net/netfilter/nf_tables_api.c diff | blob | blame | history
net/netfilter/nft_lookup.c diff | blob | blame | history
Ubuntu combined Linux kernel mirror