Commit 1ecde10d authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by Zheng Zengkai
Browse files

netfilter: nf_tables_offload: incorrect flow offload action array size 

mainline inclusion
from mainline-v5.17-rc6
commit b1a5983f
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4VNH7


CVE: CVE-2022-25636

--------------------------------

immediate verdict expression needs to allocate one slot in the flow offload
action array, however, immediate data expression does not need to do so.

fwd and dup expression need to allocate one slot, this is missing.

Add a new offload_action interface to report if this expression needs to
allocate one slot in the flow offload action array.

Fixes: be2861dc ("netfilter: nft_{fwd,dup}_netdev: add offload support")
Reported-and-tested-by: default avatarNick Gregory <Nick.Gregory@Sophos.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>

conficts:
	net/netfilter/nft_fwd_netdev.c
	include/net/netfilter/nf_tables.h

Signed-off-by: default avatarLu Wei <luwei32@huawei.com>
Reviewed-by: default avatarYue Haibing <yuehaibing@huawei.com>
Reviewed-by: default avatarWei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parent 1a2ea802
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment