| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 5 Aug 2017 19:32:59 +0800
From: Xin Long <lucien.xin@...il.com>
To: network dev <netdev@...r.kernel.org>
Cc: davem@...emloft.net, Pablo Neira Ayuso <pablo@...filter.org>
Subject: [PATCH net] net: sched: set xt_tgchk_param par.nft_compat with false in ipt_init_target
Commit 55917a21d0cc ("netfilter: x_tables: add context to know if
extension runs from nft_compat") introduced a member nft_compat to
xt_tgchk_param structure.
But it didn't set it's value for ipt_init_target. With unexpected
value in par.nft_compat, it may return unexpected result in some
target's checkentry.
This patch is to set par.nft_compat with false in ipt_init_target.
Fixes: 55917a21d0cc ("netfilter: x_tables: add context to know if extension runs from nft_compat")
Signed-off-by: Xin Long <lucien.xin@...il.com>
---
net/sched/act_ipt.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/sched/act_ipt.c b/net/sched/act_ipt.c
index bb06d2ed..7c4816b 100644
--- a/net/sched/act_ipt.c
+++ b/net/sched/act_ipt.c
@@ -56,6 +56,7 @@ static int ipt_init_target(struct net *net, struct xt_entry_target *t,
par.targinfo = t->data;
par.hook_mask = hook;
par.family = NFPROTO_IPV4;
+ par.nft_compat = false;
ret = xt_check_target(&par, t->u.target_size - sizeof(*t), 0, false);
if (ret < 0) {
--
2.1.0
Powered by blists - more mailing lists