lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 12 Mar 2018 17:15:59 +0100
From:   Pablo Neira Ayuso <pablo@...filter.org>
To:     netfilter-devel@...r.kernel.org
Cc:     davem@...emloft.net, netdev@...r.kernel.org
Subject: [PATCH 0/5] Netfilter fixes for net

Hi David,

The following patchset contains Netfilter fixes for your net tree, they are:

1) Fixed hashtable representation doesn't support timeout flag, skip it
   otherwise rules to add elements from the packet fail bogusly fail with
   EOPNOTSUPP.

2) Fix bogus error with 32-bits ebtables userspace and 64-bits kernel,
   patch from Florian Westphal.

3) Sanitize proc names in several x_tables extensions, also from Florian.

4) Add sanitization to ebt_among wormhash logic, from Florian.

5) Missing release of hook array in flowtable.


You can pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git

Thanks!

----------------------------------------------------------------

The following changes since commit ce380619fab99036f5e745c7a865b21c59f005f6:

  Merge tag 'please-pull-ia64_misc' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux (2018-03-05 20:31:14 -0800)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD

for you to fetch changes up to c04a3f730021c304c7cc4bc30ee57ee70ad98d57:

  netfilter: nf_tables: release flowtable hooks (2018-03-11 21:24:56 +0100)

----------------------------------------------------------------
Florian Westphal (3):
      netfilter: ebtables: fix erroneous reject of last rule
      netfilter: x_tables: add and use xt_check_proc_name
      netfilter: bridge: ebt_among: add more missing match size checks

Pablo Neira Ayuso (2):
      netfilter: nft_set_hash: skip fixed hash if timeout is specified
      netfilter: nf_tables: release flowtable hooks

 include/linux/netfilter/x_tables.h |  2 ++
 net/bridge/netfilter/ebt_among.c   | 34 ++++++++++++++++++++++++++++++++++
 net/bridge/netfilter/ebtables.c    |  6 +++++-
 net/netfilter/nf_tables_api.c      |  1 +
 net/netfilter/nft_set_hash.c       |  2 +-
 net/netfilter/x_tables.c           | 30 ++++++++++++++++++++++++++++++
 net/netfilter/xt_hashlimit.c       | 16 ++++++++++------
 net/netfilter/xt_recent.c          |  6 +++---
 8 files changed, 86 insertions(+), 11 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ