2011/8/11 Florian Westphal <fw@xxxxxxxxx>: > A userspace listener may send (bogus) NF_STOLEN verdict, which causes > skb leak. > > This problem was previously fixed via > 64507fdbc29c3a622180378210ecea8659b14e40 (netfilter: > nf_queue: fix NF_STOLEN skb leak) but this had to be reverted > because NF_STOLEN can also be returned by a netfilter hook when > iterating the rules in nf_reinject. > > This is complementary to commit fad54440438a7c231a6ae347738423cbabc936d9 > (netfilter: avoid double free in nf_reinject). > > Cc: Julian Anastasov <ja@xxxxxx> > Cc: Eric Dumazet <eric.dumazet@xxxxxxxxx> > Signed-off-by: Florian Westphal <fw@xxxxxxxxx> > --- > One alternative would be to change ip(6)queue and nfqueue > to fail with -EINVAL if userspace gives NF_STOLEN verdict. > Thoughts? Since userspace is not supposed to pass NF_STOLEN, this would be the correct fix. Just a hint, no guarantees attached. ;) Best Regards, Michał Mirosław -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
