linux/net/ipv4/netfilter
Daniel Borkmann 6b96686ecf netfilter: nft_masq: fix uninitialized range in nft_masq_{ipv4, ipv6}_eval
When transferring from the original range in nf_nat_masquerade_{ipv4,ipv6}()
we copy over values from stack in from min_proto/max_proto due to uninitialized
range variable in both, nft_masq_{ipv4,ipv6}_eval. As we only initialize
flags at this time from nft_masq struct, just zero out the rest.

Fixes: 9ba1f726be ("netfilter: nf_tables: add new nft_masq expression")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2014-11-10 17:56:28 +01:00
arp_tables.c netfilter: Can't fail and free after table replacement 2014-04-05 17:46:22 +02:00
arpt_mangle.c
arptable_filter.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
ip_tables.c netfilter: Can't fail and free after table replacement 2014-04-05 17:46:22 +02:00
ipt_ah.c
ipt_CLUSTERIP.c net: use reciprocal_scale() helper 2014-08-23 12:21:21 -07:00
ipt_ECN.c
ipt_MASQUERADE.c netfilter: nf_nat: generalize IPv4 masquerading support for nf_tables 2014-09-09 16:31:29 +02:00
ipt_REJECT.c netfilter: use IS_ENABLED(CONFIG_BRIDGE_NETFILTER) 2014-10-02 18:30:54 +02:00
ipt_rpfilter.c ipv4, fib: pass LOOPBACK_IFINDEX instead of 0 to flowi4_iif 2014-04-16 15:05:11 -04:00
ipt_SYNPROXY.c netfilter: SYNPROXY target: restrict to INPUT/FORWARD 2013-12-11 11:30:25 +01:00
iptable_filter.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
iptable_mangle.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
iptable_nat.c netfilter: nat: move specific NAT IPv4 to core 2014-09-02 17:14:10 +02:00
iptable_raw.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
iptable_security.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
Kconfig netfilter: move nf_send_resetX() code to nf_reject_ipvX modules 2014-10-02 18:30:49 +02:00
Makefile netfilter: move nf_send_resetX() code to nf_reject_ipvX modules 2014-10-02 18:30:49 +02:00
nf_conntrack_l3proto_ipv4_compat.c
nf_conntrack_l3proto_ipv4.c netfilter: nf_conntrack: remove exceptional & on function name 2014-07-25 14:50:58 +02:00
nf_conntrack_proto_icmp.c netfilter: use IS_ENABLED() macro 2014-06-30 11:38:03 +02:00
nf_defrag_ipv4.c netfilter: use IS_ENABLED(CONFIG_BRIDGE_NETFILTER) 2014-10-02 18:30:54 +02:00
nf_log_arp.c netfilter: add generic ARP packet logger 2014-06-27 13:20:38 +02:00
nf_log_ipv4.c netfilter: log: nf_log_packet() as real unified interface 2014-06-27 13:20:13 +02:00
nf_nat_h323.c netfilter: nf_nat_h323: fix crash in nf_ct_unlink_expect_report() 2014-02-05 17:46:05 +01:00
nf_nat_l3proto_ipv4.c netfilter: nat: move specific NAT IPv4 to core 2014-09-02 17:14:10 +02:00
nf_nat_masquerade_ipv4.c netfilter: nf_nat: generalize IPv4 masquerading support for nf_tables 2014-09-09 16:31:29 +02:00
nf_nat_pptp.c
nf_nat_proto_gre.c netfilter: use IS_ENABLED() macro 2014-06-30 11:38:03 +02:00
nf_nat_proto_icmp.c netfilter: use IS_ENABLED() macro 2014-06-30 11:38:03 +02:00
nf_nat_snmp_basic.c netfilter: nf_nat_snmp_basic: fix duplicates in if/else branches 2014-02-14 11:37:36 +01:00
nf_reject_ipv4.c netfilter: nf_reject_ipv4: split nf_send_reset() in smaller functions 2014-10-31 12:49:05 +01:00
nf_tables_arp.c netfilter: nf_tables: rename nft_do_chain_pktinfo() to nft_do_chain() 2014-01-09 20:17:16 +01:00
nf_tables_ipv4.c netfilter: nf_tables: fix error path in the init functions 2014-01-09 23:25:48 +01:00
nft_chain_nat_ipv4.c netfilter: nft_chain_nat_ipv4: use generic IPv4 NAT code from core 2014-09-02 17:14:11 +02:00
nft_chain_route_ipv4.c netfilter: nf_tables: rename nft_do_chain_pktinfo() to nft_do_chain() 2014-01-09 20:17:16 +01:00
nft_masq_ipv4.c netfilter: nft_masq: fix uninitialized range in nft_masq_{ipv4, ipv6}_eval 2014-11-10 17:56:28 +01:00
nft_reject_ipv4.c netfilter: nft_reject: introduce icmp code abstraction for inet and bridge 2014-10-02 18:29:57 +02:00