Hi Will,
Pablo is going to add the latest patch to the nf.git tree. Once that happens, I'm going to propose the patch in nf.git get cherry-picked to the -stable branches.
Thanks, Will
On Tue, Sep 1, 2020 at 8:36 AM Will Deacon will@kernel.org wrote:
Hi Will, Pablo,
On Tue, Aug 04, 2020 at 01:37:11PM +0200, Pablo Neira Ayuso wrote:
This patch is much smaller and if you confirm this is address the issue, then this is awesome.
Did that ever get confirmed? AFAICT, nothing ended up landing in the stable trees for this.
Cheers,
Will
On Mon, Aug 03, 2020 at 06:31:56PM +0000, William Mcvicker wrote: [...]
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 31fa94064a62..56d310f8b29a 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -1129,6 +1129,8 @@ ctnetlink_parse_tuple(const struct nlattr * const cda[], if (!tb[CTA_TUPLE_IP]) return -EINVAL;
- if (l3num >= NFPROTO_NUMPROTO)
return -EINVAL;l3num can only be either NFPROTO_IPV4 or NFPROTO_IPV6.
Other than that, bail out with EOPNOTSUPP.
Thank you.