[net,0/4] Netfilter fixes for net

Message ID 20241031100117.152995-1-pablo@netfilter.org (mailing list archive)

Message

Pablo Neira Ayuso Oct. 31, 2024, 10:01 a.m. UTC
Hi,

The following patchset contains Netfilter fixes for net:

1) Remove unused parameters in conntrack_dump_flush.c used by
   selftests, from Liu Jing.

2) Fix possible UaF when removing xtables module via getsockopt()
   interface, from Dong Chenchen.

3) Fix potential crash in nf_send_reset6() reported by syzkaller.
   From Eric Dumazet.

4) Validate offset and length before calling skb_checksum()
   in nft_payload, otherwise hitting BUG() is possible.

Please, apply,
Thanks.

Dong Chenchen (1):
  netfilter: Fix use-after-free in get_info()

Eric Dumazet (1):
  netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()

Liu Jing (1):
  selftests: netfilter: remove unused parameter

Pablo Neira Ayuso (1):
  netfilter: nft_payload: sanitize offset and length before calling
    skb_checksum()

 net/ipv6/netfilter/nf_reject_ipv6.c               | 15 +++++++--------
 net/netfilter/nft_payload.c                       |  3 +++
 net/netfilter/x_tables.c                          |  2 +-
 .../net/netfilter/conntrack_dump_flush.c          |  6 +++---
 4 files changed, 14 insertions(+), 12 deletions(-)

Comments

patchwork-bot+netdevbpf@kernel.org Oct. 31, 2024, 11:20 a.m. UTC | #1
Hello:

This series was applied to netdev/net.git (main)
by Pablo Neira Ayuso <pablo@netfilter.org>:

On Thu, 31 Oct 2024 11:01:13 +0100 you wrote:
> Hi,
> 
> The following patchset contains Netfilter fixes for net:
> 
> 1) Remove unused parameters in conntrack_dump_flush.c used by
>    selftests, from Liu Jing.
> 
> [...]

Here is the summary with links:
  - [net,1/4] selftests: netfilter: remove unused parameter
    https://git.kernel.org/netdev/net/c/76342e842587
  - [net,2/4] netfilter: Fix use-after-free in get_info()
    https://git.kernel.org/netdev/net/c/f48d258f0ac5
  - [net,3/4] netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
    https://git.kernel.org/netdev/net/c/4ed234fe793f
  - [net,4/4] netfilter: nft_payload: sanitize offset and length before calling skb_checksum()
    https://git.kernel.org/netdev/net/c/d5953d680f7e

You are awesome, thank you!