Commit 31dc954c authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by Lu Wei
Browse files

netfilter: nf_tables: reject unbound anonymous set before commit phase 

stable inclusion
from stable-v5.10.188
commit 0205dd16edebee8074ac53cc67de98d959a24b60
bugzilla: https://gitee.com/openeuler/kernel/issues/I86JB6

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0205dd16edebee8074ac53cc67de98d959a24b60



--------------------------------

[ Upstream commit 938154b9 ]

Add a new list to track set transaction and to check for unbound
anonymous sets before entering the commit phase.

Bail out at the end of the transaction handling if an anonymous set
remains unbound.

Fixes: 96518518 ("netfilter: add nftables")
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarLu Wei <luwei32@huawei.com>
parent 85569dcd
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment