projects / platform / kernel / linux-starfive.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c765449) | patch
netfilter: nft_exthdr: Search chunks in SCTP packets only
authorPhil Sutter <phil@nwl.cc>
Fri, 11 Jun 2021 17:06:45 +0000 (19:06 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 16 Jun 2021 20:25:01 +0000 (22:25 +0200)
commit5acc44f39458f43dac9724cefa4da29847cfe997
tree68a851bea1e9e6bbcd21e6de9ad0be28f3067866tree | snapshot
parentc7654495916e109f76a67fd3ae68f8fa70ab4faacommit | diff
netfilter: nft_exthdr: Search chunks in SCTP packets only

Since user space does not generate a payload dependency, plain sctp
chunk matches cause searching in non-SCTP packets, too. Avoid this
potential mis-interpretation of packet data by checking pkt->tprot.

Fixes: 133dc203d77df ("netfilter: nft_exthdr: Support SCTP chunks")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_exthdr.c diff | blob | history
Domain: System / Kernel;