git.ipfire.org Git - thirdparty/kernel/stable.git/commit
netfilter: nft_limit: do not ignore unsupported flags
author Pablo Neira Ayuso <pablo@netfilter.org>
Tue, 9 Jan 2024 23:42:37 +0000 (00:42 +0100)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 25 Jan 2024 23:27:50 +0000 (15:27 -0800)
commit dfa01315c31510784d07be3cf8f4af624f6eff5b
tree cc98c51c7a5954ab8d72741919f6cbb9d416fd07
parent f00f11aae1c25d4e7fce9abcfbd5f0acf2ab5e60
netfilter: nft_limit: do not ignore unsupported flags

[ Upstream commit 91a139cee1202a4599a380810d93c69b5bac6197 ]

Bail out if userspace provides unsupported flags, otherwise future
extensions to the limit expression will be silently ignored by the
kernel.

Fixes: c7862a5f0de5 ("netfilter: nft_limit: allow to invert matching criteria")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/netfilter/nft_limit.c
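
The failure mode the commit message describes, as an added userspace model (not code from this commit or from the kernel tree): a lenient flag parser accepts a request carrying a bit it does not understand, while a strict one refuses it. Only NFT_LIMIT_F_INV is a real UAPI flag; the function names, the second flag bit and the -EOPNOTSUPP return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Invert flag as defined in the nf_tables UAPI header. */
#define NFT_LIMIT_F_INV     (1u << 0)
/* Hypothetical bit a later kernel might define; not a real UAPI value. */
#define HYP_LIMIT_F_FUTURE  (1u << 1)

struct limit_cfg { bool invert; };

/* Lenient: unknown bits are dropped and the caller is told it worked. */
int limit_init_lenient(uint32_t flags, struct limit_cfg *cfg)
{
    cfg->invert = (flags & NFT_LIMIT_F_INV) != 0;
    return 0;
}

/* Strict: any bit outside the supported mask fails the whole request. */
int limit_init_strict(uint32_t flags, struct limit_cfg *cfg)
{
    if (flags & ~NFT_LIMIT_F_INV)
        return -EOPNOTSUPP;   /* assumed error code for this model */
    cfg->invert = (flags & NFT_LIMIT_F_INV) != 0;
    return 0;
}

int main(void)
{
    /* Constructed request from a newer userspace tool to an older parser. */
    uint32_t req = NFT_LIMIT_F_INV | HYP_LIMIT_F_FUTURE;
    struct limit_cfg cfg = { false };

    /* The rule loads, but the semantics requested by bit 1 are missing. */
    printf("lenient: rc=%d invert=%d\n", limit_init_lenient(req, &cfg), cfg.invert);

    /* The rule is refused, so userspace can detect the gap and fall back. */
    printf("strict:  rc=%d\n", limit_init_strict(req, &cfg));
    return 0;
}
```

With the lenient parser a ruleset loads successfully while enforcing something other than what was requested, which is the silent-ignore behaviour the commit message warns about.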