Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 60e19518 authored by David S. Miller's avatar David S. Miller
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 



Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for your net tree. More
specifically, they are:

1) Fix missing filter table per-netns registration in arptables, from
   Florian Westphal.

2) Resolve out of bound access when parsing TCP options in
   nf_conntrack_tcp, patch from Jozsef Kadlecsik.

3) Prefer NFPROTO_BRIDGE extensions over NFPROTO_UNSPEC in ebtables,
   this resolves conflict between xt_limit and ebt_limit, from Phil Sutter.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 4bc0eb3a bcf49342

net/bridge/netfilter/ebtables.c

+5 −1
Original line number Diff line number Diff line
@@ -370,7 +370,11 @@ ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par, 
	    left - sizeof(struct ebt_entry_match) < m->match_size)

		return -EINVAL;



	match = xt_request_find_match(NFPROTO_BRIDGE, m->u.name, 0);

	match = xt_find_match(NFPROTO_BRIDGE, m->u.name, 0);

	if (IS_ERR(match) || match->family != NFPROTO_BRIDGE) {

		request_module("ebt_%s", m->u.name);

		match = xt_find_match(NFPROTO_BRIDGE, m->u.name, 0);

	}

	if (IS_ERR(match))

		return PTR_ERR(match);

	m->u.match = match;

net/ipv4/netfilter/arptable_filter.c

+6 −0
Original line number Diff line number Diff line
@@ -81,6 +81,12 @@ static int __init arptable_filter_init(void) 
		return ret;

	}



	ret = arptable_filter_table_init(&init_net);

	if (ret) {

		unregister_pernet_subsys(&arptable_filter_net_ops);

		kfree(arpfilter_ops);

	}



	return ret;

}

net/netfilter/nf_conntrack_proto_tcp.c

+4 −0
Original line number Diff line number Diff line
@@ -410,6 +410,8 @@ static void tcp_options(const struct sk_buff *skb, 
			length--;

			continue;

		default:

			if (length < 2)

				return;

			opsize=*ptr++;

			if (opsize < 2) /* "silly options" */

				return;
@@ -470,6 +472,8 @@ static void tcp_sack(const struct sk_buff *skb, unsigned int dataoff, 
			length--;

			continue;

		default:

			if (length < 2)

				return;

			opsize = *ptr++;

			if (opsize < 2) /* "silly options" */

				return;