raspi/linux
1
0
Fork 1
mirror of https://github.com/raspberrypi/linux.git synced 2025-12-28 13:02:59 +00:00
Code Issues Projects Releases Wiki Activity
Files
fd2c194089eb29e0122c916941f57779fb5df415
linux/include/net/netfilter
History
Pablo Neira Ayuso 5a4bb158f4 netfilter: nf_tables: replace BUG_ON by element length check 
[ Upstream commit c39ba4de6b ]

BUG_ON can be triggered from userspace with an element with a large
userdata area. Replace it by length check and return EINVAL instead.
Over time extensions have been growing in size.

Pick a sufficiently old Fixes: tag to propagate this fix.

Fixes: 7d7402642e ("netfilter: nf_tables: variable sized set element keys / data")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-07-21 21:24:23 +02:00
..
ipv4
netfilter: disable defrag once its no longer needed
2021-04-26 03:20:07 +02:00
ipv6
netfilter: conntrack: fix boot failure with nf_conntrack.enable_hooks=1
2021-09-28 13:04:55 +02:00
br_netfilter.h
netfilter: remove CONFIG_NETFILTER checks from headers.
2019-09-13 12:47:36 +02:00
nf_conntrack_acct.h
netfilter: conntrack: add nf_ct_acct_add()
2020-03-30 02:05:39 +02:00
nf_conntrack_bridge.h
netfilter: remove CONFIG_NETFILTER checks from headers.
2019-09-13 12:47:36 +02:00
nf_conntrack_core.h
netfilter: conntrack: re-fetch conntrack after insertion
2022-06-06 08:43:38 +02:00
nf_conntrack_count.h
netfilter: add missing includes to a number of header-files.
2019-08-13 12:14:39 +02:00
nf_conntrack_ecache.h
netfilter: ecache: remove nf_exp_event_notifier structure
2021-08-25 12:50:38 +02:00
nf_conntrack_expect.h
netfilter: fix coding-style errors.
2019-09-13 11:39:38 +02:00
nf_conntrack_extend.h
netfilter: Replace zero-length array with flexible-array member
2020-03-15 15:20:16 +01:00
nf_conntrack_helper.h
netfilter: conntrack: Add and use nf_ct_set_auto_assign_helper_warned()
2022-04-08 14:23:42 +02:00
nf_conntrack_l4proto.h
netfilter: conntrack: pass hook state to log functions
2021-06-18 14:47:43 +02:00
nf_conntrack_labels.h
netfilter: fix include guards.
2019-09-13 11:39:38 +02:00
nf_conntrack_seqadj.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
nf_conntrack_synproxy.h
netfilter: conntrack: wrap two inline functions in config checks.
2019-09-13 12:47:10 +02:00
nf_conntrack_timeout.h
netfilter: Replace zero-length array with flexible-array member
2020-03-15 15:20:16 +01:00
nf_conntrack_timestamp.h
netfilter: conntrack: remove two unused functions from nf_conntrack_timestamp.h.
2019-09-13 12:48:09 +02:00
nf_conntrack_tuple.h
netfilter: remove CONFIG_NETFILTER checks from headers.
2019-09-13 12:47:36 +02:00
nf_conntrack_zones.h
netfilter: conntrack: remove CONFIG_NF_CONNTRACK checks from nf_conntrack_zones.h.
2019-09-13 12:47:41 +02:00
nf_conntrack.h
netfilter: conntrack: avoid useless indirection during conntrack destruction
2022-04-27 14:39:01 +02:00
nf_dup_netdev.h
netfilter: nft_{fwd,dup}_netdev: add offload support
2019-09-10 22:44:29 +02:00
nf_flow_table.h
netfilter: flowtable: Fix QinQ and pppoe support for inet table
2022-04-08 14:23:40 +02:00
nf_hooks_lwtunnel.h
netfilter: add netfilter hooks to SRv6 data plane
2021-08-30 01:51:36 +02:00
nf_log.h
netfilter: nf_log_common: merge with nf_log_syslog
2021-03-31 22:34:10 +02:00
nf_nat_helper.h
netfilter: add missing includes to a number of header-files.
2019-08-13 12:14:39 +02:00
nf_nat_masquerade.h
netfilter: update include directives.
2019-09-13 12:33:06 +02:00
nf_nat_redirect.h
netfilter: add missing includes to a number of header-files.
2019-08-13 12:14:39 +02:00
nf_nat.h
netfilter: nat: move nf_xfrm_me_harder to where it is used
2021-04-26 03:20:07 +02:00
nf_queue.h
netfilter: nf_queue: fix possible use-after-free
2022-03-08 19:12:45 +01:00
nf_reject.h
netfilter: add missing includes to a number of header-files.
2019-08-13 12:14:39 +02:00
nf_socket.h
netfilter: Decrease code duplication regarding transparent socket option
2018-06-03 00:02:01 +02:00
nf_synproxy.h
netfilter: remove CONFIG_NETFILTER checks from headers.
2019-09-13 12:47:36 +02:00
nf_tables_core.h
netfilter: nf_tables: add last expression
2021-06-17 03:23:00 +02:00
nf_tables_ipv4.h
netfilter: nf_tables: convert pktinfo->tprot_set to flags field
2022-07-12 16:34:55 +02:00
nf_tables_ipv6.h
netfilter: nf_tables: convert pktinfo->tprot_set to flags field
2022-07-12 16:34:55 +02:00
nf_tables_offload.h
netfilter: nf_tables: bail out early if hardware offload is not supported
2022-06-14 18:36:17 +02:00
nf_tables.h
netfilter: nf_tables: replace BUG_ON by element length check
2022-07-21 21:24:23 +02:00
nf_tproxy.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2018-07-20 22:28:28 -07:00
nft_fib.h
netfilter: nftables: add nft_parse_register_store() and use it
2021-01-27 23:16:02 +01:00
nft_meta.h
netfilter: nftables: add nft_parse_register_store() and use it
2021-01-27 23:16:02 +01:00
nft_reject.h
netfilter: add missing includes to a number of header-files.
2019-08-13 12:14:39 +02:00
xt_rateest.h
netfilter: make xt_rateest hash table per net
2018-03-05 23:15:44 +01:00