netfilter: nf_tables_offload: incorrect flow offload action array size
author Pablo Neira Ayuso <pablo@netfilter.org>
Thu, 17 Feb 2022 22:41:20 +0000 (23:41 +0100)
committer Salvatore Bonaccorso <carnil@debian.org>
Fri, 25 Feb 2022 17:15:16 +0000 (17:15 +0000)
commit c5c93ba965b0175ba6c0bfb68647e863dbdc26f6
tree 3dca8af6f09421cfec55611674fbeb0d936c7d19
parent 635cb9920d78ea918f92e48079412c03433b70d7
netfilter: nf_tables_offload: incorrect flow offload action array size

Origin: https://git.kernel.org/linus/b1a5983f56e371046dcf164f90bfaf704d2b89f6
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-25636

immediate verdict expression needs to allocate one slot in the flow offload
action array, however, immediate data expression does not need to do so.

fwd and dup expression need to allocate one slot, this is missing.

Add a new offload_action interface to report if this expression needs to
allocate one slot in the flow offload action array.

Fixes: be2861dc36d7 ("netfilter: nft_{fwd,dup}_netdev: add offload support")
Reported-and-tested-by: Nick Gregory <Nick.Gregory@Sophos.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name netfilter-nf_tables_offload-incorrect-flow-offload-a.patch
include/net/netfilter/nf_tables.h
include/net/netfilter/nf_tables_offload.h
net/netfilter/nf_tables_offload.c
net/netfilter/nft_dup_netdev.c
net/netfilter/nft_fwd_netdev.c
net/netfilter/nft_immediate.c
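
The sizing mismatch the commit message describes, as an added userspace model that is not the kernel code or part of this commit: the action array is sized in one pass and filled in another, so both passes must agree per expression. Every type, function and sample rule below is hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

/* Userspace model only; every name below is hypothetical, not kernel code. */
enum kind { IMM_VERDICT, IMM_DATA, FWD, DUP, PAYLOAD };

/* Per-type sizing as described: any immediate counted, fwd/dup missed. */
static bool per_type_flag(enum kind k) { return k == IMM_VERDICT || k == IMM_DATA; }

/* Per-expression sizing: true only if this expression emits an action. */
static bool offload_action(enum kind k) { return k == IMM_VERDICT || k == FWD || k == DUP; }

/* Pass 1: size the action array using the given predicate. */
static size_t count_slots(const enum kind *rule, size_t n, bool (*needs)(enum kind))
{
    size_t slots = 0;
    for (size_t i = 0; i < n; i++)
        slots += needs(rule[i]) ? 1 : 0;
    return slots;
}

/* Pass 2: emit actions, refusing (-1) rather than writing past cap. */
static int fill_actions(const enum kind *rule, size_t n, enum kind *out, size_t cap)
{
    size_t used = 0;
    for (size_t i = 0; i < n; i++) {
        if (!offload_action(rule[i]))
            continue;
        if (used == cap)
            return -1;
        out[used++] = rule[i];
    }
    return (int)used;
}

/* Constructed sample rule: immediate data load, dup, fwd. */
static const enum kind sample_rule[] = { IMM_DATA, DUP, FWD };
#define SAMPLE_LEN (sizeof(sample_rule) / sizeof(sample_rule[0]))

/* Size with `needs`, then fill; returns actions written or -1 on mismatch. */
int offload_with(bool (*needs)(enum kind))
{
    enum kind actions[SAMPLE_LEN];
    size_t cap = count_slots(sample_rule, SAMPLE_LEN, needs);
    return fill_actions(sample_rule, SAMPLE_LEN, actions, cap);
}

int main(void) { return offload_with(offload_action) == 2 ? 0 : 1; }
```

In the model, the bounds check in the fill pass turns a sizing disagreement into an error return, which is a useful defensive pattern wherever an array is sized and filled by separate passes.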