netfilter: nft_flow_offload: reset dst in route object after setting up flow
mainline inclusion from mainline-v6.8-rc6 commit 9e0f0430389be7696396c62f037be4bf72cf93e3 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9Q8LQ CVE: CVE-2024-27403 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9e0f0430389be7696396c62f037be4bf72cf93e3 --------------------------- dst is transferred to the flow object, route object does not own it anymore. Reset dst in route object, otherwise if flow_offload_add() fails, error path releases dst twice, leading to a refcount underflow. Fixes: a3c90f7a ("netfilter: nf_tables: flow offload expression") Signed-off-by:Pablo Neira Ayuso <pablo@netfilter.org> Conflicts: include/net/netfilter/nf_flow_table.h net/netfilter/nf_flow_table_core.c [This is because we did not backport f1363e05, fa502c86, 8b9229d1, 7a27f6ab] Signed-off-by:
Loading
Please sign in to comment