Micha? Miros?aw <mirqus@xxxxxxxxx> wrote: > 2011/8/11 Florian Westphal <fw@xxxxxxxxx>: > > A userspace listener may send (bogus) NF_STOLEN verdict, which causes > > skb leak. > > > > This problem was previously fixed via > > 64507fdbc29c3a622180378210ecea8659b14e40 (netfilter: > > nf_queue: fix NF_STOLEN skb leak) but this had to be reverted > > because NF_STOLEN can also be returned by a netfilter hook when > > iterating the rules in nf_reinject. > > > > This is complementary to commit fad54440438a7c231a6ae347738423cbabc936d9 > > (netfilter: avoid double free in nf_reinject). > > > > Cc: Julian Anastasov <ja@xxxxxx> > > Cc: Eric Dumazet <eric.dumazet@xxxxxxxxx> > > Signed-off-by: Florian Westphal <fw@xxxxxxxxx> > > --- > > One alternative would be to change ip(6)queue and nfqueue > > to fail with -EINVAL if userspace gives NF_STOLEN verdict. > > Thoughts? > > Since userspace is not supposed to pass NF_STOLEN, this would be the > correct fix. > > Just a hint, no guarantees attached. ;) Agreed, it makes more sense to reject it. I'll wait for a few hours before submitting a patch. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
