Kernel/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-04 04:04:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

netfilter pull request 24-11-14

Browse Source 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEjF9xRqF1emXiQiqU1w0aZmrPKyEFAmc18Y4ACgkQ1w0aZmrP
 KyHKURAAwQxhSDGgEGs5Y5f851kqb36OZST7kLXAdLPv6jJlCl5x6gW9Nxo5NWoI
 inFwp5lGjha7dXbrkVi60BvkoMFcU9AhLs4RmWHBZzs3NtnbCEIlZ9LXfWuKf1rU
 1LhfUrN2UqtYRWzz4mznTW686jdEFg5kgyugI8Ja5RaLiaLQ0DNJS8IxZncYP3a6
 ZrmP5d/LUW/WZ0lRLX7s10k+ar8VartZvKr0wuKZXo8TuzjmDFf6+4l2EYbQN+A6
 tjRIpC/8pEvKhC5bvSea1Irn7+qDvapPkpPzkU5Wg+ftMUv/1ehBIBWPkrD5y8ye
 vpvQIb9Wpiyy6dPG3jtK2Y0IwyKZHf3t6mFWI5y10+GUqbYSuabILYquG5SWAbyZ
 EdWrw5fEP9Na4oeEtQpFrPKgcl20fPaxc3Q2MzpodFzUAeYCMrrxBXcToDf0yvFd
 mghsr6iTdfjJT7fT3prFIIkMalAoX1sp6rjpcP+Nd2SY7Y3nBPaiGSrF75svPbPR
 IUTJaZIgUyoOfimy78fKXMuK63r1+wXO5oDXvP2KpBUetAWEO16IULgD7zx0zIWQ
 vnwBcyiqhBzRqcfDpLxaq/wNZA9eJCFCzqRn7GmqNlEKrrGBE62M19gZnAC2hUB/
 FYfHkGT3SvSDt6im1gyNp0QKn8kSl/2bUbkf29rcl0zuu42WnUw=
 =0/FY
 -----END PGP SIGNATURE-----

Merge tag 'nf-24-11-14' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

1) Update .gitignore in selftest to skip conntrack_reverse_clash,
   from Li Zhijian.

2) Fix conntrack_dump_flush return values, from Guan Jing.

3) syzbot found that ipset's bitmap type does not properly checks for
   bitmap's first ip, from Jeongjun Park.

* tag 'nf-24-11-14' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: ipset: add missing range check in bitmap_ip_uadt
  selftests: netfilter: Fix missing return values in conntrack_dump_flush
  selftests: netfilter: Add missing gitignore file
====================

Link: https://patch.msgid.link/20241114125723.82229-1-pablo@netfilter.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
Jakub Kicinski 2024-11-15 14:24:36 -08:00
commit 8807850697
3 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
net/netfilter/ipset/ip_set_bitmap_ip.c
View File

@ -163,11 +163,8 @@ bitmap_ip_uadt(struct ip_set *set, struct nlattr *tb[],
ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to);
if (ret)
return ret;
if (ip > ip_to) {
if (ip > ip_to)
swap(ip, ip_to);
if (ip < map->first_ip)
return -IPSET_ERR_BITMAP_RANGE;
}
} else if (tb[IPSET_ATTR_CIDR]) {
u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
@ -178,7 +175,7 @@ bitmap_ip_uadt(struct ip_set *set, struct nlattr *tb[],
ip_to = ip;
}
if (ip_to > map->last_ip)
if (ip < map->first_ip || ip_to > map->last_ip)
return -IPSET_ERR_BITMAP_RANGE;
for (; !before(ip_to, ip); ip += map->hosts) {

1
tools/testing/selftests/net/netfilter/.gitignore vendored
View File

@ -2,5 +2,6 @@
audit_logread
connect_close
conntrack_dump_flush
conntrack_reverse_clash
sctp_collision
nf_queue

6
tools/testing/selftests/net/netfilter/conntrack_dump_flush.c
View File

@ -43,6 +43,8 @@ static int build_cta_tuple_v4(struct nlmsghdr *nlh, int type,
mnl_attr_nest_end(nlh, nest_proto);
mnl_attr_nest_end(nlh, nest);
return 0;
}
static int build_cta_tuple_v6(struct nlmsghdr *nlh, int type,
@ -71,6 +73,8 @@ static int build_cta_tuple_v6(struct nlmsghdr *nlh, int type,
mnl_attr_nest_end(nlh, nest_proto);
mnl_attr_nest_end(nlh, nest);
return 0;
}
static int build_cta_proto(struct nlmsghdr *nlh)
@ -90,6 +94,8 @@ static int build_cta_proto(struct nlmsghdr *nlh)
mnl_attr_nest_end(nlh, nest_proto);
mnl_attr_nest_end(nlh, nest);
return 0;
}
static int conntrack_data_insert(struct mnl_socket *sock, struct nlmsghdr *nlh,