Vasily Averin <vvs@xxxxxxxxxxxxx> wrote:
> Could you please push this patch into stable@?
> it fixes memory corruption in kernels v3.5 .. v4.10
>
> Lost .data_len definition leads to write beyond end of
> struct nf_ct_h323_master. Usually it corrupts following
> struct nf_conn_nat, however if nat is not loaded it corrupts
> following slab object.
>
> In mainline this problem went away in v4.11,
> after commit 9f0f3ebeda47 ("netfilter: helpers: remove data_len usage
> for inkernel helpers") however many stable kernels are still affected.
>
> cc: stable@xxxxxxxxxxxxxxx
> Fixes: 1afc56794e03 ("netfilter: nf_ct_helper: implement variable length helper private data") # v3.5
> Signed-off-by: Vasily Averin <vvs@xxxxxxxxxxxxx>
Reviewed-by: Florian Westphal <fw@xxxxxxxxx>
