| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230718075234.3863-1-fw@strlen.de>
Date: Tue, 18 Jul 2023 09:52:28 +0200
From: Florian Westphal <fw@...len.de>
To: <netfilter-devel@...r.kernel.org>
Cc: Pablo Neira Ayuso <pablo@...filter.org>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Eric Dumazet <edumazet@...gle.com>,
"David S. Miller" <davem@...emloft.net>,
<netdev@...r.kernel.org>,
Florian Westphal <fw@...len.de>
Subject: [PATCH nf-next 0/2] netfilter: nf_tables: use NLA_POLICY_MASK instead of manual checks
nf_tables still uses manual attribute validation in multiple places.
Make NLA_POLICY_MASK available with NLA_BE16/NLA_BE32 and then start
using it for flag attribute validation.
Florian Westphal (2):
netlink: allow be16 and be32 types in all uint policy checks
netfilter: nf_tables: use NLA_POLICY_MASK to test for valid flag
options
include/net/netlink.h | 10 +++-------
lib/nlattr.c | 6 ++++++
net/netfilter/nft_fib.c | 13 +++++++------
net/netfilter/nft_lookup.c | 6 ++----
net/netfilter/nft_masq.c | 8 +++-----
net/netfilter/nft_nat.c | 8 +++-----
net/netfilter/nft_redir.c | 8 +++-----
7 files changed, 27 insertions(+), 32 deletions(-)
--
2.41.0
Powered by blists - more mailing lists