6.1-stable patches

author Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Sat, 2 Mar 2024 17:36:18 +0000 (18:36 +0100)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Sat, 2 Mar 2024 17:36:18 +0000 (18:36 +0100)
author Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 2 Mar 2024 17:36:18 +0000 (18:36 +0100)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 2 Mar 2024 17:36:18 +0000 (18:36 +0100)
diff --git a/queue-6.1/netfilter-nf_tables-disallow-timeout-for-anonymous-sets.patch b/queue-6.1/netfilter-nf_tables-disallow-timeout-for-anonymous-sets.patch

new file mode 100644 (file)

index 0000000..fe04bbf
--- /dev/null
+++ b/queue-6.1/netfilter-nf_tables-disallow-timeout-for-anonymous-sets.patch
@@ -0,0 +1,40 @@
+From e26d3009efda338f19016df4175f354a9bd0a4ab Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Fri, 16 Jun 2023 15:22:18 +0200
+Subject: netfilter: nf_tables: disallow timeout for anonymous sets
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit e26d3009efda338f19016df4175f354a9bd0a4ab upstream.
+
+Never used from userspace, disallow these parameters.
+
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netfilter/nf_tables_api.c |    7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -4752,6 +4752,9 @@ static int nf_tables_newset(struct sk_bu
+               if (!(flags & NFT_SET_TIMEOUT))
+                       return -EINVAL;
+ 
++              if (flags & NFT_SET_ANONYMOUS)
++                      return -EOPNOTSUPP;
++
+               err = nf_msecs_to_jiffies64(nla[NFTA_SET_TIMEOUT], &desc.timeout);
+               if (err)
+                       return err;
+@@ -4760,6 +4763,10 @@ static int nf_tables_newset(struct sk_bu
+       if (nla[NFTA_SET_GC_INTERVAL] != NULL) {
+               if (!(flags & NFT_SET_TIMEOUT))
+                       return -EINVAL;
++
++              if (flags & NFT_SET_ANONYMOUS)
++                      return -EOPNOTSUPP;
++
+               desc.gc_int = ntohl(nla_get_be32(nla[NFTA_SET_GC_INTERVAL]));
+       }
+ 
diff --git a/queue-6.1/series b/queue-6.1/series

index f1da323800524d37c605fb30210aade72bf31c3a..d93db114d8172c54a9066a30fbb0f34917863a05 100644 (file)
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -1,3 +1,4 @@
+netfilter-nf_tables-disallow-timeout-for-anonymous-sets.patch
  drm-meson-fix-unbind-path-if-hdmi-fails-to-bind.patch
  drm-meson-don-t-remove-bridges-which-are-created-by-.patch
  scsi-core-add-struct-for-args-to-execution-functions.patch
author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 2 Mar 2024 17:36:18 +0000 (18:36 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 2 Mar 2024 17:36:18 +0000 (18:36 +0100)
queue-6.1/netfilter-nf_tables-disallow-timeout-for-anonymous-sets.patch	[new file with mode: 0644]	patch \| blob
queue-6.1/series		patch \| blob \| blame \| history