Re: [PATCH v1 nf 0/2] netfilter: iptables: Fix null-ptr-deref in ip6?table_nat_table_init().

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> · Wed, 31 Jul 2024 23:55:29 +0200

On Thu, Jul 25, 2024 at 12:28:19PM -0700, Kuniyuki Iwashima wrote:
> We had a report that iptables-restore sometimes triggered null-ptr-deref
> at boot time.
> 
> The problem is that iptable_nat_table_init() is exposed to user space too
> early and accesses net->gen->ptr[iptable_nat_net_ops.id] before allocated.
> 
> Patch 1 fixes the issue in iptable_nat, and patch 2 applies the same fix
> to ip6table_nat.

Series applied and PR sent to netdev including these fixes, thanks.