projects / platform / kernel / linux-starfive.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 25621b5) | patch
netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations
authorPablo Neira Ayuso <pablo@netfilter.org>
Mon, 29 Jan 2024 12:12:33 +0000 (13:12 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 5 Feb 2024 20:14:36 +0000 (20:14 +0000)
commitcfe3550ea5df292c9e2d608e8c4560032391847e
treebd581dc28ca85e2366e88b5643f689ae2d7c0475tree | snapshot
parent25621b53377d62ee96827a0a5ed97135f86ad1a7commit | diff
netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations

[ Upstream commit 8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4 ]

- Disallow families other than NFPROTO_{IPV4,IPV6,INET}.
- Disallow layer 4 protocol with no ports, since destination port is a
  mandatory attribute for this object.

Fixes: 857b46027d6f ("netfilter: nft_ct: add ct expectations support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/netfilter/nft_ct.c diff | blob | history
Domain: System / Kernel;