git.baikalelectronics.ru Git - kernel.git/commit

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

1) Missing sanitization of rateest userspace string, bug has been
   triggered by syzbot, patch from Florian Westphal.

2) Report EOPNOTSUPP on missing set features in nft_dynset, otherwise
   error reporting to userspace via EINVAL is misleading since this is
   reserved for malformed netlink requests.

3) New binaries with old kernels might silently accept several set
   element expressions. New binaries set on the NFT_SET_EXPR and
   NFT_DYNSET_F_EXPR flags to request for several expressions per
   element, hence old kernels which do not support for this bail out
   with EOPNOTSUPP.

* git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf:
  netfilter: nftables: add set expression flags
  netfilter: nft_dynset: report EOPNOTSUPP on missing set feature
  netfilter: xt_RATEEST: reject non-null terminated string from userspace
====================

Link: https://lore.kernel.org/r/20210103192920.18639-1-pablo@netfilter.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

author	Jakub Kicinski <kuba@kernel.org>
	Mon, 4 Jan 2021 22:02:02 +0000 (14:02 -0800)
committer	Jakub Kicinski <kuba@kernel.org>
	Mon, 4 Jan 2021 22:02:02 +0000 (14:02 -0800)
commit	75ddd399a508065644fe257ae2fade3151cdf307
tree	e05ccbd29e11a3500511914a2a03896a32a99df1	tree \| snapshot
parent	3d371c6c72a2f6521c8e871680250d83bbf4bf50	commit \| diff
parent	0e67f80ae2ae75a3220099353aec435359fd83c7	commit \| diff