--- /dev/null
+From 317eb9685095678f2c9f5a8189de698c5354316a Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Fri, 1 Dec 2023 15:47:13 +0100
+Subject: netfilter: nft_set_pipapo: skip inactive elements during set walk
+
+From: Florian Westphal <fw@strlen.de>
+
+commit 317eb9685095678f2c9f5a8189de698c5354316a upstream.
+
+Otherwise set elements can be deactivated twice which will cause a crash.
+
+Reported-by: Xingyuan Mo <hdthky0@gmail.com>
+Fixes: 3c4287f62044 ("nf_tables: Add set type for arbitrary concatenation of ranges")
+Signed-off-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netfilter/nft_set_pipapo.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/net/netfilter/nft_set_pipapo.c
++++ b/net/netfilter/nft_set_pipapo.c
+@@ -2028,6 +2028,9 @@ static void nft_pipapo_walk(const struct
+
+ e = f->mt[r].e;
+
++ if (!nft_set_elem_active(&e->ext, iter->genmask))
++ goto cont;
++
+ elem.priv = e;
+
+ iter->err = iter->fn(ctx, set, iter, &elem);
genetlink-add-cap_net_admin-test-for-multicast-bind.patch
psample-require-cap_net_admin-when-joining-packets-group.patch
drop_monitor-require-cap_sys_admin-when-joining-events-group.patch
+netfilter-nft_set_pipapo-skip-inactive-elements-during-set-walk.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
