Merge tag 'nf-24-06-27' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains two Netfilter fixes for net:

Patch #1 fixes CONFIG_SYSCTL=n for a patch coming in the previous PR to move the sysctl toggle to enable SRv6 netfilter hooks from nf_conntrack to the core, from Jianguo Wu.

Patch #2 fixes a possible pointer leak to userspace due to insufficient validation of NFT_DATA_VALUE.

Linus found this pointer leak to userspace via zdi-disclosures@ and forwarded the notice to Netfilter maintainers, he appears as reporter because whoever found this issue never approached Netfilter maintainers neither via security@ nor in private.

netfilter pull request 24-06-27

* tag 'nf-24-06-27' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers
  netfilter: fix undefined reference to 'netfilter_lwtunnel_*' when CONFIG_SYSCTL=n
====================

Link: https://patch.msgid.link/20240626233845.151197-1-pablo@netfilter.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

Showing
- include/net/netfilter/nf_tables.h: 5 additions, 0 deletions
- net/netfilter/nf_hooks_lwtunnel.c: 3 additions, 0 deletions
- net/netfilter/nf_tables_api.c: 4 additions, 4 deletions
- net/netfilter/nft_lookup.c: 2 additions, 1 deletion