Hi Will, Pablo, On Tue, Aug 04, 2020 at 01:37:11PM +0200, Pablo Neira Ayuso wrote: > This patch is much smaller and if you confirm this is address the > issue, then this is awesome.
Did that ever get confirmed? AFAICT, nothing ended up landing in the stable trees for this. Cheers, Will > On Mon, Aug 03, 2020 at 06:31:56PM +0000, William Mcvicker wrote: > [...] > > diff --git a/net/netfilter/nf_conntrack_netlink.c > > b/net/netfilter/nf_conntrack_netlink.c > > index 31fa94064a62..56d310f8b29a 100644 > > --- a/net/netfilter/nf_conntrack_netlink.c > > +++ b/net/netfilter/nf_conntrack_netlink.c > > @@ -1129,6 +1129,8 @@ ctnetlink_parse_tuple(const struct nlattr * const > > cda[], > > if (!tb[CTA_TUPLE_IP]) > > return -EINVAL; > > > > + if (l3num >= NFPROTO_NUMPROTO) > > + return -EINVAL; > > l3num can only be either NFPROTO_IPV4 or NFPROTO_IPV6. > > Other than that, bail out with EOPNOTSUPP. > > Thank you.
