[PATCH net 0/6] Netfilter fixes for net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

The following patchset contains Netfilter fixes for net:

1) Reset shift on Boyer-Moore string match for each block,
   from Jeremy Sowden.

2) Fix acccess to non-linear area in DCCP conntrack helper,
   from Florian Westphal.

3) Fix kernel-doc warnings, by Randy Dunlap.

4) Bail out if expires= does not show in SIP helper message,
   or make ct_sip_parse_numerical_param() tristate and report
   error if expires= cannot be parsed.

5) Unbind non-anonymous set in case rule construction fails.

6) Fix underflow in chain reference counter in case set element
   already exists or it cannot be created.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-23-06-27

Thanks.

----------------------------------------------------------------

The following changes since commit 6709d4b7bc2e079241fdef15d1160581c5261c10:

  net: nfc: Fix use-after-free caused by nfc_llcp_find_local (2023-06-26 10:57:23 +0100)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-23-06-27

for you to fetch changes up to b389139f12f287b8ed2e2628b72df89a081f0b59:

  netfilter: nf_tables: fix underflow in chain reference counter (2023-06-26 17:18:55 +0200)

----------------------------------------------------------------
netfilter pull request 23-06-27

----------------------------------------------------------------
Florian Westphal (1):
      netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one

Ilia.Gavrilov (1):
      netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.

Jeremy Sowden (1):
      lib/ts_bm: reset initial match offset for every block of text

Pablo Neira Ayuso (2):
      netfilter: nf_tables: unbind non-anonymous set if rule construction fails
      netfilter: nf_tables: fix underflow in chain reference counter

Randy Dunlap (1):
      linux/netfilter.h: fix kernel-doc warnings

 include/linux/netfilter.h               |  4 +--
 lib/ts_bm.c                             |  4 ++-
 net/netfilter/nf_conntrack_proto_dccp.c | 52 +++++++++++++++++++++++++++++++--
 net/netfilter/nf_conntrack_sip.c        |  2 +-
 net/netfilter/nf_tables_api.c           |  6 +++-
 5 files changed, 60 insertions(+), 8 deletions(-)
[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux