From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, "Blažej Krajňák" <krajnak@levonet.sk>,
"Florian Westphal" <fw@strlen.de>
Subject: [PATCH 4.14 35/66] netfilter: nft_payload: fix wrong mac header matching
Date: Mon, 23 Oct 2023 12:56:25 +0200 [thread overview]
Message-ID: <20231023104812.147699999@linuxfoundation.org> (raw)
In-Reply-To: <20231023104810.781270702@linuxfoundation.org>
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Westphal <fw@strlen.de>
commit d351c1ea2de3e36e608fc355d8ae7d0cc80e6cd6 upstream.
mcast packets get looped back to the local machine.
Such packets have a 0-length mac header, we should treat
this like "mac header not set" and abort rule evaluation.
As-is, we just copy data from the network header instead.
Fixes: 96518518cc41 ("netfilter: add nftables")
Reported-by: Blažej Krajňák <krajnak@levonet.sk>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nft_payload.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/netfilter/nft_payload.c
+++ b/net/netfilter/nft_payload.c
@@ -84,7 +84,7 @@ static void nft_payload_eval(const struc
switch (priv->base) {
case NFT_PAYLOAD_LL_HEADER:
- if (!skb_mac_header_was_set(skb))
+ if (!skb_mac_header_was_set(skb) || skb_mac_header_len(skb) == 0)
goto err;
if (skb_vlan_tag_present(skb)) {
next prev parent reply other threads:[~2023-10-23 11:00 UTC|newest]
Thread overview: 72+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-23 10:55 [PATCH 4.14 00/66] 4.14.328-rc1 review Greg Kroah-Hartman
2023-10-23 10:55 ` [PATCH 4.14 01/66] RDMA/cxgb4: Check skb value for failure to allocate Greg Kroah-Hartman
2023-10-23 10:55 ` [PATCH 4.14 02/66] platform/x86: hp-wmi:: Mark driver struct with __refdata to prevent section mismatch warning Greg Kroah-Hartman
2023-10-23 10:55 ` [PATCH 4.14 03/66] HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect Greg Kroah-Hartman
2023-10-23 10:55 ` [PATCH 4.14 04/66] drm: etvnaviv: fix bad backport leading to warning Greg Kroah-Hartman
2023-10-23 10:55 ` [PATCH 4.14 05/66] ieee802154: ca8210: Fix a potential UAF in ca8210_probe Greg Kroah-Hartman
2023-10-23 10:55 ` [PATCH 4.14 06/66] drm/vmwgfx: fix typo of sizeof argument Greg Kroah-Hartman
2023-10-23 10:55 ` [PATCH 4.14 07/66] ixgbe: fix crash with empty VF macvlan list Greg Kroah-Hartman
2023-10-23 10:55 ` [PATCH 4.14 08/66] nfc: nci: assert requested protocol is valid Greg Kroah-Hartman
2023-10-23 10:55 ` [PATCH 4.14 09/66] workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 10/66] usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 11/66] net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 12/66] usb: musb: Get the musb_qh poniter after musb_giveback Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 13/66] usb: musb: Modify the "HWVers" register address Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 14/66] iio: pressure: bmp280: Fix NULL pointer exception Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 15/66] iio: pressure: ms5611: ms5611_prom_is_valid false negative bug Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 16/66] mcb: remove is_added flag from mcb_device struct Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 17/66] ceph: fix incorrect revoked caps assert in ceph_fill_file_size() Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 18/66] Input: powermate - fix use-after-free in powermate_config_complete Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 19/66] Input: xpad - add PXN V900 support Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 20/66] cgroup: Remove duplicates in cgroup v1 tasks file Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 21/66] pinctrl: avoid unsafe code pattern in find_pinctrl() Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 22/66] usb: gadget: udc-xilinx: replace memcpy with memcpy_toio Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 23/66] usb: gadget: ncm: Handle decoding of multiple NTBs in unwrap call Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 24/66] x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 25/66] usb: hub: Guard against accesses to uninitialized BOS descriptors Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 26/66] Bluetooth: hci_event: Ignore NULL link key Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 27/66] Bluetooth: Reject connection with the device which has same BD_ADDR Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 28/66] Bluetooth: Fix a refcnt underflow problem for hci_conn Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 29/66] Bluetooth: vhci: Fix race when opening vhci device Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 30/66] Bluetooth: hci_event: Fix coding style Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 31/66] Bluetooth: avoid memcmp() out of bounds warning Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 32/66] nfc: nci: fix possible NULL pointer dereference in send_acknowledge() Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 33/66] regmap: fix NULL deref on lookup Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 34/66] KVM: x86: Mask LVTPC when handling a PMI Greg Kroah-Hartman
2023-10-23 10:56 ` Greg Kroah-Hartman [this message]
2023-10-23 10:56 ` [PATCH 4.14 36/66] xfrm: fix a data-race in xfrm_gen_index() Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 37/66] net: ipv4: fix return value check in esp_remove_trailer Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 38/66] net: ipv6: " Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 39/66] net: rfkill: gpio: prevent value glitch during probe Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 40/66] net: usb: smsc95xx: Fix an error code in smsc95xx_reset() Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 41/66] i40e: prevent crash on probe if hw registers have invalid values Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 42/66] ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 43/66] btrfs: initialize start_slot in btrfs_log_prealloc_extents Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 44/66] i2c: mux: Avoid potential false error message in i2c_mux_add_adapter Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 45/66] overlayfs: set ctime when setting mtime and atime Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 46/66] gpio: timberdale: Fix potential deadlock on &tgpio->lock Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 47/66] ata: libata-eh: Fix compilation warning in ata_eh_link_report() Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 48/66] tracing: relax trace_event_eval_update() execution with cond_resched() Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 49/66] HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 50/66] Bluetooth: Avoid redundant authentication Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 51/66] Bluetooth: hci_core: Fix build warnings Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 52/66] wifi: mac80211: allow transmitting EAPOL frames with tainted key Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 53/66] wifi: cfg80211: avoid leaking stack data into trace Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 54/66] sky2: Make sure there is at least one frag_addr available Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 55/66] mmc: core: Capture correct oemid-bits for eMMC cards Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 56/66] Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 57/66] ACPI: irq: Fix incorrect return value in acpi_register_gsi() Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 58/66] USB: serial: option: add Telit LE910C4-WWX 0x1035 composition Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 59/66] USB: serial: option: add entry for Sierra EM9191 with new firmware Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 60/66] USB: serial: option: add Fibocom to DELL custom modem FM101R-GL Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 61/66] perf: Disallow mis-matched inherited group reads Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 62/66] s390/pci: fix iommu bitmap allocation Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 63/66] gpio: vf610: set value before the direction to avoid a glitch Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 64/66] Bluetooth: hci_sock: fix slab oob read in create_monitor_event Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 65/66] Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name Greg Kroah-Hartman
2023-10-23 10:56 ` [PATCH 4.14 66/66] Bluetooth: hci_event: Fix using memcmp when comparing keys Greg Kroah-Hartman
2023-10-23 14:37 ` [PATCH 4.14 00/66] 4.14.328-rc1 review Guenter Roeck
2023-10-24 8:22 ` Greg Kroah-Hartman
2023-10-23 20:43 ` Pavel Machek
2023-10-24 8:36 ` Daniel Díaz
2023-10-25 18:57 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231023104812.147699999@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=fw@strlen.de \
--cc=krajnak@levonet.sk \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox