From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 0/2] Netfilter fixes for net
Date: Wed, 1 Nov 2017 19:48:10 +0100 [thread overview]
Message-ID: <20171101184812.4813-1-pablo@netfilter.org> (raw)
Hi David,
The following patchset contains two one-liner fixes for your net tree,
they are:
1) Disable fast hash operations for 2-bytes length keys which is leading
to incorrect lookups in nf_tables, from Anatole Denis.
2) Reload pointer ipv4 header after ip_route_me_harder() given this may
result in use-after-free due to skbuff header reallocation, patch
from Tejaswi Tanikella.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thanks!
----------------------------------------------------------------
The following changes since commit 28e33f9d78eefe98ea86673ab31e988b37a9a738:
bpf: disallow arithmetic operations on context pointer (2017-10-18 13:21:13 +0100)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to 7400bb4b5800831581a82f71700af6a5e815c3c8:
netfilter: nf_reject_ipv4: Fix use-after-free in send_reset (2017-11-01 12:15:29 +0100)
----------------------------------------------------------------
Anatole Denis (1):
netfilter: nft_set_hash: disable fast_ops for 2-len keys
Tejaswi Tanikella (1):
netfilter: nf_reject_ipv4: Fix use-after-free in send_reset
net/ipv4/netfilter/nf_reject_ipv4.c | 2 ++
net/netfilter/nft_set_hash.c | 1 -
2 files changed, 2 insertions(+), 1 deletion(-)
next reply other threads:[~2017-11-01 18:48 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-01 18:48 Pablo Neira Ayuso [this message]
2017-11-01 18:48 ` [PATCH 1/2] netfilter: nft_set_hash: disable fast_ops for 2-len keys Pablo Neira Ayuso
2017-11-01 18:48 ` [PATCH 2/2] netfilter: nf_reject_ipv4: Fix use-after-free in send_reset Pablo Neira Ayuso
2017-11-02 7:53 ` [PATCH 0/2] Netfilter fixes for net David Miller
-- strict thread matches above, loose matches on Subject: below --
2020-07-04 0:13 Pablo Neira Ayuso
2020-07-05 0:47 ` David Miller
2020-04-29 21:48 Pablo Neira Ayuso
2020-05-01 1:07 ` David Miller
2020-04-21 10:37 Pablo Neira Ayuso
2020-04-21 18:50 ` David Miller
2019-10-02 18:53 Pablo Neira Ayuso
2019-10-02 20:23 ` David Miller
2019-02-11 16:53 Pablo Neira Ayuso
2019-02-11 18:43 ` David Miller
2017-09-20 10:49 Pablo Neira Ayuso
2017-09-20 23:08 ` David Miller
2017-07-06 12:54 Pablo Neira Ayuso
2017-07-06 13:03 ` David Miller
2015-12-22 17:53 Pablo Neira Ayuso
2015-12-22 19:55 ` David Miller
2015-04-27 18:41 Pablo Neira Ayuso
2015-04-28 3:13 ` David Miller
2014-11-20 12:30 Pablo Neira Ayuso
2014-11-21 5:12 ` David Miller
2014-01-07 22:13 [PATCH 0/2] netfilter " Pablo Neira Ayuso
2014-01-07 23:38 ` David Miller
2013-12-13 18:24 Pablo Neira Ayuso
2013-12-17 20:07 ` David Miller
2013-04-19 1:16 Pablo Neira Ayuso
2013-04-19 18:25 ` David Miller
2013-02-26 13:45 pablo
2013-02-26 22:24 ` David Miller
2012-11-22 9:10 pablo
2012-11-22 20:28 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171101184812.4813-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).