Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3bc38712 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller
Browse files

[NETFILTER]: nf_queue: handle NF_STOP and unknown verdicts in nf_reinject 



In case of an unknown verdict or NF_STOP the packet leaks. Unknown verdicts
can happen when userspace is buggy. Reinject the packet in case of NF_STOP,
drop on unknown verdicts.

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 083edca0

net/netfilter/nf_queue.c

+4 −5
Original line number Diff line number Diff line
@@ -219,21 +219,20 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info, 


	switch (verdict & NF_VERDICT_MASK) {

	case NF_ACCEPT:

	case NF_STOP:

		info->okfn(skb);

	case NF_STOLEN:

		break;



	case NF_QUEUE:

		if (!nf_queue(&skb, elem, info->pf, info->hook, 

			      info->indev, info->outdev, info->okfn,

			      verdict >> NF_VERDICT_BITS))

			goto next_hook;

		break;

	default:

		kfree_skb(skb);

	}

	rcu_read_unlock();



	if (verdict == NF_DROP)

		kfree_skb(skb);



	kfree(info);

	return;

}