git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	David Carlier <devnexen@gmail.com>
	Sat, 11 Apr 2026 18:57:21 +0000 (19:57 +0100)
committer	Florian Westphal <fw@strlen.de>
	Sun, 24 May 2026 20:55:47 +0000 (22:55 +0200)
commit	d738feccb98cb224ebabecb703e98f5008276bff
tree	ed627ce95b783f0e12ea52eb0f79e10fee242930	tree \| snapshot
parent	73ce4a2949d97288ebee96102224f75506f6b14f	commit \| diff

netfilter: nfnl_cthelper: apply per-class values when updating policies

When a userspace conntrack helper with multiple expectation classes is
updated via nfnetlink, every class ends up with the first class's
max_expected and timeout values.

nfnl_cthelper_update_policy_all() validates each new policy into the
corresponding slot of the temporary new_policy array, but the second
loop that commits the values into the live helper dereferences
new_policy as a pointer instead of indexing it, so every iteration
reads new_policy[0] regardless of i. An update that changes per-class
values is silently collapsed onto class 0's values with no error
returned to userspace.

Index the temporary array by i in the commit loop so each class gets
its own validated values.

Fixes: 2c422257550f ("netfilter: nfnl_cthelper: fix runtime expectation policy updates")
Cc: stable@vger.kernel.org
Signed-off-by: David Carlier <devnexen@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>