git.samba.org / sfrench / cifs-2.6.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 259eb32) | patch
netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations
authorPablo Neira Ayuso <pablo@netfilter.org>
Mon, 29 Jan 2024 12:12:33 +0000 (13:12 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 31 Jan 2024 22:14:14 +0000 (23:14 +0100)
commit8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4
tree5cf96a37323e797c0f49d93cacc352869653cc06tree
parent259eb32971e9eb24d1777a28d82730659f50fdcbcommit | diff
netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations

- Disallow families other than NFPROTO_{IPV4,IPV6,INET}.
- Disallow layer 4 protocol with no ports, since destination port is a
  mandatory attribute for this object.

Fixes: 857b46027d6f ("netfilter: nft_ct: add ct expectations support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_ct.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.