diff options
author | David S. Miller <davem@davemloft.net> | 2021-12-17 10:52:04 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2021-12-17 10:52:04 +0000 |
commit | 8ca4090fec0217bcb89531c8be80fcfa66a397a1 (patch) | |
tree | 50c8ddf240bad6c1bce9c282902034212fc49a29 /net/netfilter/nfnetlink_queue.c | |
parent | b62e3317b68d9c84301940ca8ca9c35a584111b2 (diff) | |
parent | 76f12e632a15a20c8de3532d64a0708cf0e32f11 (diff) |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains Netfilter fixes for net:
1) Fix UAF in set catch-all element, from Eric Dumazet.
2) Fix MAC mangling for multicast/loopback traffic in nfnetlink_queue
and nfnetlink_log, from Ignacy Gawędzki.
3) Remove expired entries from ctnetlink dump path regardless the tuple
direction, from Florian Westphal.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netfilter/nfnetlink_queue.c')
-rw-r--r-- | net/netfilter/nfnetlink_queue.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 5837e8efc9c2..f0b9e21a2452 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -560,7 +560,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, goto nla_put_failure; if (indev && entskb->dev && - skb_mac_header_was_set(entskb)) { + skb_mac_header_was_set(entskb) && + skb_mac_header_len(entskb) != 0) { struct nfqnl_msg_packet_hw phw; int len; |