Hi Will, Pablo,
On Tue, Aug 04, 2020 at 01:37:11PM +0200, Pablo Neira Ayuso wrote:
This patch is much smaller and if you confirm this is address the issue, then this is awesome.
Did that ever get confirmed? AFAICT, nothing ended up landing in the stable trees for this.
Cheers,
Will
On Mon, Aug 03, 2020 at 06:31:56PM +0000, William Mcvicker wrote: [...]
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 31fa94064a62..56d310f8b29a 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -1129,6 +1129,8 @@ ctnetlink_parse_tuple(const struct nlattr * const cda[], if (!tb[CTA_TUPLE_IP]) return -EINVAL;
- if (l3num >= NFPROTO_NUMPROTO)
return -EINVAL;l3num can only be either NFPROTO_IPV4 or NFPROTO_IPV6.
Other than that, bail out with EOPNOTSUPP.
Thank you.