Hi Dave,

these two patches fix a missing bit on conntrack entries with master connections created through ctnetlink and some brokenness in the iptables compat code, causing it to use pointers dumped to userspace and copied back again to the kernel without any checks for validity.

Please apply, thanks.

 net/ipv4/netfilter/ip_tables.c       |   57 +++++++--------------------------
 net/netfilter/nf_conntrack_netlink.c |    4 ++-
 net/netfilter/x_tables.c             |    8 +++-
 3 files changed, 21 insertions(+), 48 deletions(-)

Pablo Neira Ayuso (1):
      [NETFILTER]: ctnetlink: set expected bit for related conntracks

Patrick McHardy (1):
      [NETFILTER]: ip_tables: fix compat copy race