[thirdparty/kernel/stable-queue.git] / releases / 4.14.129 / netfilter-nf_queue-fix-reinject-verdict-handling.patch

From fe22dffe329d1a5a966331627ce94f9ed3411923 Mon Sep 17 00:00:00 2001
From: Jagdish Motwani <jagdish.motwani@sophos.com>
Date: Mon, 13 May 2019 23:47:40 +0530
Subject: netfilter: nf_queue: fix reinject verdict handling

[ Upstream commit 946c0d8e6ed43dae6527e878d0077c1e11015db0 ]

This patch fixes netfilter hook traversal when there are more than 1 hooks
returning NF_QUEUE verdict. When the first queue reinjects the packet,
'nf_reinject' starts traversing hooks with a proper hook_index. However,
if it again receives a NF_QUEUE verdict (by some other netfilter hook), it
queues the packet with a wrong hook_index. So, when the second queue
reinjects the packet, it re-executes hooks in between.

Fixes: 960632ece694 ("netfilter: convert hook list to an array")
Signed-off-by: Jagdish Motwani <jagdish.motwani@sophos.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/netfilter/nf_queue.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index f7e21953b1de..8260b1e73bbd 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -193,6 +193,7 @@ static unsigned int nf_iterate(struct sk_buff *skb,
 repeat:
 		verdict = nf_hook_entry_hookfn(hook, skb, state);
 		if (verdict != NF_ACCEPT) {
+			*index = i;
 			if (verdict != NF_REPEAT)
 				return verdict;
 			goto repeat;
-- 
2.20.1
Commit	Line	Data
2a2a4ae2 SL	1	From fe22dffe329d1a5a966331627ce94f9ed3411923 Mon Sep 17 00:00:00 2001
	2	From: Jagdish Motwani <jagdish.motwani@sophos.com>
	3	Date: Mon, 13 May 2019 23:47:40 +0530
	4	Subject: netfilter: nf_queue: fix reinject verdict handling
	5
	6	[ Upstream commit 946c0d8e6ed43dae6527e878d0077c1e11015db0 ]
	7
	8	This patch fixes netfilter hook traversal when there are more than 1 hooks
	9	returning NF_QUEUE verdict. When the first queue reinjects the packet,
	10	'nf_reinject' starts traversing hooks with a proper hook_index. However,
	11	if it again receives a NF_QUEUE verdict (by some other netfilter hook), it
	12	queues the packet with a wrong hook_index. So, when the second queue
	13	reinjects the packet, it re-executes hooks in between.
	14
	15	Fixes: 960632ece694 ("netfilter: convert hook list to an array")
	16	Signed-off-by: Jagdish Motwani <jagdish.motwani@sophos.com>
	17	Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
	18	Signed-off-by: Sasha Levin <sashal@kernel.org>
	19	---
	20	net/netfilter/nf_queue.c \| 1 +
	21	1 file changed, 1 insertion(+)
	22
	23	diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
	24	index f7e21953b1de..8260b1e73bbd 100644
	25	--- a/net/netfilter/nf_queue.c
	26	+++ b/net/netfilter/nf_queue.c
	27	@@ -193,6 +193,7 @@ static unsigned int nf_iterate(struct sk_buff *skb,
	28	repeat:
	29	verdict = nf_hook_entry_hookfn(hook, skb, state);
	30	if (verdict != NF_ACCEPT) {
	31	+ *index = i;
	32	if (verdict != NF_REPEAT)
	33	return verdict;
	34	goto repeat;
	35	--
	36	2.20.1
	37