netfilter: nft_payload: don't allow th access for fragments - blaster4385/linux-IllusionX - Linux kernel with personal config changes for arch linux

diff options

author	Florian Westphal <fw@strlen.de>	2022-01-29 17:13:23 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2022-02-04 05:38:15 +0100
commit	a9e8503def0fd4ed89ade1f61c315f904581d439 (patch)
tree	7e7678e27bded2e65072d96af8f9a227f5cca3ab /arch/mips/include/asm/pgtable-bits.h
parent	77b337196a9d87f3d6bb9b07c0436ecafbffda1e (diff)

netfilter: nft_payload: don't allow th access for fragments

Loads relative to ->thoff naturally expect that this points to the transport header, but this is only true if pkt->fragoff == 0. This has little effect for rulesets with connection tracking/nat because these enable ip defra. For other rulesets this prevents false matches. Fixes: 96518518cc41 ("netfilter: add nftables") Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'arch/mips/include/asm/pgtable-bits.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: