From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 0/9] Netfilter updates for net
Date: Thu, 16 Jan 2020 20:50:35 +0100 [thread overview]
Message-ID: <20200116195044.326614-1-pablo@netfilter.org> (raw)
Hello,
The following patchset contains Netfilter fixes for net:
1) Fix use-after-free in ipset bitmap destroy path, from Cong Wang.
2) Missing init netns in entry cleanup path of arp_tables,
from Florian Westphal.
3) Fix WARN_ON in set destroy path due to missing cleanup on
transaction error.
4) Incorrect netlink sanity check in tunnel, from Florian Westphal.
5) Missing sanity check for erspan version netlink attribute, also
from Florian.
6) Remove WARN in nft_request_module() that can be triggered from
userspace, from Florian Westphal.
7) Memleak in NFTA_HOOK_DEVS netlink parser, from Dan Carpenter.
8) List poison from commit path for flowtables that are added and
deleted in the same batch, from Florian Westphal.
9) Fix NAT ICMP packet corruption, from Eyal Birger.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thank you.
----------------------------------------------------------------
The following changes since commit c9f53049d4a842db6bcd76f597759a0ef5f65c86:
MAINTAINERS: update my email address (2020-01-11 14:33:39 -0800)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to 61177e911dad660df86a4553eb01c95ece2f6a82:
netfilter: nat: fix ICMP header corruption on ICMP errors (2020-01-16 15:08:25 +0100)
----------------------------------------------------------------
Cong Wang (1):
netfilter: fix a use-after-free in mtype_destroy()
Dan Carpenter (1):
netfilter: nf_tables: fix memory leak in nf_tables_parse_netdev_hooks()
Eyal Birger (1):
netfilter: nat: fix ICMP header corruption on ICMP errors
Florian Westphal (5):
netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct
netfilter: nft_tunnel: fix null-attribute check
netfilter: nft_tunnel: ERSPAN_VERSION must not be null
netfilter: nf_tables: remove WARN and add NLA_STRING upper limits
netfilter: nf_tables: fix flowtable list del corruption
Pablo Neira Ayuso (1):
netfilter: nf_tables: store transaction list locally while requesting module
net/ipv4/netfilter/arp_tables.c | 19 ++++++++--------
net/netfilter/ipset/ip_set_bitmap_gen.h | 2 +-
net/netfilter/nf_nat_proto.c | 13 +++++++++++
net/netfilter/nf_tables_api.c | 39 ++++++++++++++++++++++-----------
net/netfilter/nft_tunnel.c | 5 ++++-
5 files changed, 54 insertions(+), 24 deletions(-)
next reply other threads:[~2020-01-16 19:51 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-16 19:50 Pablo Neira Ayuso [this message]
2020-01-16 19:50 ` [PATCH 1/9] netfilter: fix a use-after-free in mtype_destroy() Pablo Neira Ayuso
2020-01-16 19:50 ` [PATCH 2/9] netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct Pablo Neira Ayuso
2020-01-16 19:50 ` [PATCH 3/9] netfilter: nf_tables: store transaction list locally while requesting module Pablo Neira Ayuso
2020-01-16 19:50 ` [PATCH 4/9] netfilter: nft_tunnel: fix null-attribute check Pablo Neira Ayuso
2020-01-16 19:50 ` [PATCH 5/9] netfilter: nft_tunnel: ERSPAN_VERSION must not be null Pablo Neira Ayuso
2020-01-16 19:50 ` [PATCH 6/9] netfilter: nf_tables: remove WARN and add NLA_STRING upper limits Pablo Neira Ayuso
2020-01-16 19:50 ` [PATCH 7/9] netfilter: nf_tables: fix memory leak in nf_tables_parse_netdev_hooks() Pablo Neira Ayuso
2020-01-16 19:50 ` [PATCH 8/9] netfilter: nf_tables: fix flowtable list del corruption Pablo Neira Ayuso
2020-01-16 19:50 ` [PATCH 9/9] netfilter: nat: fix ICMP header corruption on ICMP errors Pablo Neira Ayuso
2020-01-17 9:37 ` [PATCH 0/9] Netfilter updates for net David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200116195044.326614-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).