[PATCH net 0/4] Netfilter fixes for net

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> · Thu, 31 Oct 2024 11:01:13 +0100

Hi,

The following patchset contains Netfilter fixes for net:

1) Remove unused parameters in conntrack_dump_flush.c used by
   selftests, from Liu Jing.

2) Fix possible UaF when removing xtables module via getsockopt()
   interface, from Dong Chenchen.

3) Fix potential crash in nf_send_reset6() reported by syzkaller.
   From Eric Dumazet

4) Validate offset and length before calling skb_checksum()
   in nft_payload, otherwise hitting BUG() is possible.

Please, apply,
Thanks.

Dong Chenchen (1):
  netfilter: Fix use-after-free in get_info()

Eric Dumazet (1):
  netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()

Liu Jing (1):
  selftests: netfilter: remove unused parameter

Pablo Neira Ayuso (1):
  netfilter: nft_payload: sanitize offset and length before calling
    skb_checksum()

 net/ipv6/netfilter/nf_reject_ipv6.c               | 15 +++++++--------
 net/netfilter/nft_payload.c                       |  3 +++
 net/netfilter/x_tables.c                          |  2 +-
 .../net/netfilter/conntrack_dump_flush.c          |  6 +++---
 4 files changed, 14 insertions(+), 12 deletions(-)

-- 
2.30.2

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-24-10-31

Thanks.

----------------------------------------------------------------

The following changes since commit c05c62850a8f035a267151dd86ea3daf887e28b8:

  Merge tag 'wireless-2024-10-29' of https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless (2024-10-29 18:57:12 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-24-10-31

for you to fetch changes up to d5953d680f7e96208c29ce4139a0e38de87a57fe:

  netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (2024-10-31 10:54:49 +0100)

----------------------------------------------------------------
netfilter pull request 24-10-31

----------------------------------------------------------------
Dong Chenchen (1):
      netfilter: Fix use-after-free in get_info()

Eric Dumazet (1):
      netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()

Liu Jing (1):
      selftests: netfilter: remove unused parameter

Pablo Neira Ayuso (1):
      netfilter: nft_payload: sanitize offset and length before calling skb_checksum()

 net/ipv6/netfilter/nf_reject_ipv6.c                       | 15 +++++++--------
 net/netfilter/nft_payload.c                               |  3 +++
 net/netfilter/x_tables.c                                  |  2 +-
 .../selftests/net/netfilter/conntrack_dump_flush.c        |  6 +++---
 4 files changed, 14 insertions(+), 12 deletions(-)