Commit c6f7a0b5 authored by Phil Sutter's avatar Phil Sutter Committed by sanglipeng
Browse files

netfilter: nft_exthdr: Search chunks in SCTP packets only 

stable inclusion
from stable-v5.10.198
commit e18216cd0ec7fef9bb87cf8b4124bc1212e5add1
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I987V5

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=e18216cd0ec7fef9bb87cf8b4124bc1212e5add1



--------------------------------

[ Upstream commit 5acc44f3 ]

Since user space does not generate a payload dependency, plain sctp
chunk matches cause searching in non-SCTP packets, too. Avoid this
potential mis-interpretation of packet data by checking pkt->tprot.

Fixes: 133dc203 ("netfilter: nft_exthdr: Support SCTP chunks")
Signed-off-by: default avatarPhil Sutter <phil@nwl.cc>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarsanglipeng <sanglipeng1@jd.com>
parent f8cf4763
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment