Hi David,
The following patchset contains two one-liner fixes for your net tree,
they are:
1) Disable fast hash operations for 2-bytes length keys which is leading
to incorrect lookups in nf_tables, from Anatole Denis.
2) Reload pointer ipv4 header after ip_route_me_harder() given this may
result in use-after-free due to skbuff header reallocation, patch
from Tejaswi Tanikella.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thanks!
----------------------------------------------------------------
The following changes since commit 28e33f9d78eefe98ea86673ab31e988b37a9a738:
bpf: disallow arithmetic operations on context pointer (2017-10-18 13:21:13
+0100)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to 7400bb4b5800831581a82f71700af6a5e815c3c8:
netfilter: nf_reject_ipv4: Fix use-after-free in send_reset (2017-11-01
12:15:29 +0100)
----------------------------------------------------------------
Anatole Denis (1):
netfilter: nft_set_hash: disable fast_ops for 2-len keys
Tejaswi Tanikella (1):
netfilter: nf_reject_ipv4: Fix use-after-free in send_reset
net/ipv4/netfilter/nf_reject_ipv4.c | 2 ++
net/netfilter/nft_set_hash.c | 1 -
2 files changed, 2 insertions(+), 1 deletion(-)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
