Hi,
The following patchset contains Netfilter fixes for net:
1) Missing nul-check in basechain hook netlink dump path, from Gavrilov Ilia.
2) Fix bitwise register tracking, from Jeremy Sowden.
3) Null pointer dereference when accessing conntrack helper,
from Tijs Van Buggenhout.
4) Add schedule point to ipset's call_ad, from Kuniyuki Iwashima.
5) Incorrect boundary check when building chain blob.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-23-06-07
Thanks.
----------------------------------------------------------------
The following changes since commit 9025944fddfed5966c8f102f1fe921ab3aee2c12:
net: fec: add dma_wmb to ensure correct descriptor values (2023-05-19 09:17:53 +0100)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-23-06-07
for you to fetch changes up to 08e42a0d3ad30f276f9597b591f975971a1b0fcf:
netfilter: nf_tables: out-of-bound check in chain blob (2023-06-07 00:43:44 +0200)
----------------------------------------------------------------
netfilter pull request 23-06-07
----------------------------------------------------------------
Gavrilov Ilia (1):
netfilter: nf_tables: Add null check for nla_nest_start_noflag() in nft_dump_basechain_hook()
Jeremy Sowden (1):
netfilter: nft_bitwise: fix register tracking
Kuniyuki Iwashima (1):
netfilter: ipset: Add schedule point in call_ad().
Pablo Neira Ayuso (1):
netfilter: nf_tables: out-of-bound check in chain blob
Tijs Van Buggenhout (1):
netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelper
net/netfilter/ipset/ip_set_core.c | 8 ++++++++
net/netfilter/nf_conntrack_core.c | 3 +++
net/netfilter/nf_tables_api.c | 4 +++-
net/netfilter/nft_bitwise.c | 2 +-
4 files changed, 15 insertions(+), 2 deletions(-)
