WSL2-Linux-Kernel/net/ipv6/netfilter
Daniel Borkmann 6b96686ecf netfilter: nft_masq: fix uninitialized range in nft_masq_{ipv4, ipv6}_eval
When transferring from the original range in nf_nat_masquerade_{ipv4,ipv6}()
we copy over values from stack in from min_proto/max_proto due to uninitialized
range variable in both, nft_masq_{ipv4,ipv6}_eval. As we only initialize
flags at this time from nft_masq struct, just zero out the rest.

Fixes: 9ba1f726be ("netfilter: nf_tables: add new nft_masq expression")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2014-11-10 17:56:28 +01:00
..
Kconfig netfilter: move nf_send_resetX() code to nf_reject_ipvX modules 2014-10-02 18:30:49 +02:00
Makefile netfilter: move nf_send_resetX() code to nf_reject_ipvX modules 2014-10-02 18:30:49 +02:00
ip6_tables.c netfilter: Can't fail and free after table replacement 2014-04-05 17:46:22 +02:00
ip6t_MASQUERADE.c netfilter: nf_nat: generalize IPv6 masquerading support for nf_tables 2014-09-09 16:31:29 +02:00
ip6t_NPT.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-07 18:37:01 -04:00
ip6t_REJECT.c netfilter: REJECT: separate reusable code 2013-12-30 15:04:41 +01:00
ip6t_SYNPROXY.c netfilter: SYNPROXY target: restrict to INPUT/FORWARD 2013-12-11 11:30:25 +01:00
ip6t_ah.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
ip6t_eui64.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ip6t_frag.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
ip6t_hbh.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
ip6t_ipv6header.c netfilter: remove unnecessary break after return 2014-07-15 16:27:00 -07:00
ip6t_mh.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ip6t_rpfilter.c net: ipv6: more places need LOOPBACK_IFINDEX for flowi6_iif 2014-04-28 14:47:03 -04:00
ip6t_rt.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
ip6table_filter.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
ip6table_mangle.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
ip6table_nat.c netfilter: nat: move specific NAT IPv6 to core 2014-09-09 16:30:00 +02:00
ip6table_raw.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
ip6table_security.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
nf_conntrack_l3proto_ipv6.c netfilter: push reasm skb through instead of original frag skbs 2013-11-11 00:19:35 -05:00
nf_conntrack_proto_icmpv6.c netfilter: nf_log: prepare net namespace support for loggers 2013-04-05 20:12:54 +02:00
nf_conntrack_reasm.c inet: frags: use kmem_cache for inet_frag_queue 2014-08-02 15:31:31 -07:00
nf_defrag_ipv6_hooks.c netfilter: use IS_ENABLED(CONFIG_BRIDGE_NETFILTER) 2014-10-02 18:30:54 +02:00
nf_log_ipv6.c netfilter: log: nf_log_packet() as real unified interface 2014-06-27 13:20:13 +02:00
nf_nat_l3proto_ipv6.c netfilter: nat: move specific NAT IPv6 to core 2014-09-09 16:30:00 +02:00
nf_nat_masquerade_ipv6.c netfilter: nf_nat: generalize IPv6 masquerading support for nf_tables 2014-09-09 16:31:29 +02:00
nf_nat_proto_icmpv6.c netfilter: nf_nat_proto_icmpv6:: fix wrong comparison in icmpv6_manip_pkt 2013-09-13 11:58:48 +02:00
nf_reject_ipv6.c netfilter: nf_reject_ipv6: split nf_send_reset6() in smaller functions 2014-10-31 12:49:57 +01:00
nf_tables_ipv6.c netfilter: nf_tables: fix error path in the init functions 2014-01-09 23:25:48 +01:00
nft_chain_nat_ipv6.c netfilter: nft_chain_nat_ipv6: use generic IPv6 NAT code from core 2014-09-09 16:31:09 +02:00
nft_chain_route_ipv6.c netfilter: nf_tables: rename nft_do_chain_pktinfo() to nft_do_chain() 2014-01-09 20:17:16 +01:00
nft_masq_ipv6.c netfilter: nft_masq: fix uninitialized range in nft_masq_{ipv4, ipv6}_eval 2014-11-10 17:56:28 +01:00
nft_reject_ipv6.c netfilter: nf_tables: add reject module for NFPROTO_INET 2014-02-06 09:44:18 +01:00