iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Florian Westphal 9882495d02 netfilter: nft_limit: reject configurations that cause integer overflow 
[ Upstream commit c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa ]

Reject bogus configs where internal token counter wraps around.
This only occurs with very very large requests, such as 17gbyte/s.

Its better to reject this rather than having incorrect ratelimit.

Fixes: d2168e849ebf ("netfilter: nft_limit: add per-byte limiting")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-01-31 16:19:03 -08:00
..
6lowpan
9p
net: 9p: avoid freeing uninit memory in p9pdu_vreadf
2024-01-01 12:42:41 +00:00
802
8021q
vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING
2024-01-31 16:19:01 -08:00
appletalk
appletalk: Fix Use-After-Free in atalk_ioctl
2023-12-20 17:01:50 +01:00
atm
atm: Fix Use-After-Free in do_vcc_ioctl
2023-12-20 17:01:48 +01:00
ax25
ax25: Kconfig: Update link for linux-ax25.org
2023-09-18 12:56:58 +01:00
batman-adv
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2023-08-24 10:51:39 -07:00
bluetooth
Bluetooth: Fix atomicity violation in {min,max}_key_size_set
2024-01-25 15:35:46 -08:00
bpf
bpf: Prevent inlining of bpf_fentry_test7()
2023-08-30 08:36:17 +02:00
bpfilter
net: Use umd_cleanup_helper()
2023-05-31 13:06:57 +02:00
bridge
netfilter: bridge: replace physindev with physinif in nf_bridge_info
2024-01-25 15:35:59 -08:00
caif
sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES)
2023-06-24 15:50:13 -07:00
can
can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior
2023-10-06 12:54:33 +02:00
ceph
libceph: use kernel_connect()
2023-10-09 13:35:24 +02:00
core
net: fix removing a namespace with conflicting altnames
2024-01-31 16:19:01 -08:00
dcb
net: dcb: choose correct policy to parse DCB_ATTR_BCN
2023-08-01 21:07:46 -07:00
dccp
dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses.
2023-11-20 11:59:35 +01:00
devlink
devlink: Hold devlink lock on health reporter dump get
2023-10-06 15:56:46 -07:00
dns_resolver
keys, dns: Fix size check of V1 server-list header
2024-01-25 15:35:41 -08:00
dsa
net: dsa: mark parsed interface mode for legacy switch drivers
2023-08-09 13:08:09 -07:00
ethernet
ethtool
ethtool: netlink: Add missing ethnl_ops_begin/complete
2024-01-25 15:36:00 -08:00
handshake
net/handshake: fix file ref count in handshake_nl_accept_doit()
2023-10-23 10:19:33 -07:00
hsr
hsr: Prevent use after free in prp_create_tagged_frame()
2023-11-20 11:59:34 +01:00
ieee802154
sysctl-6.6-rc1
2023-08-29 17:39:15 -07:00
ife
net: sched: ife: fix potential use-after-free
2024-01-01 12:42:30 +00:00
ipv4
tcp: Add memory barrier to tcp_push()
2024-01-31 16:19:02 -08:00
ipv6
ipv6: init the accept_queue's spinlocks in inet6_create
2024-01-31 16:19:02 -08:00
iucv
kcm
kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().
2023-09-14 10:43:51 +02:00
key
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2023-08-18 12:44:56 -07:00
l2tp
udp: annotate data-races around udp->encap_type
2023-11-20 11:58:56 +01:00
l3mdev
lapb
llc
llc: Drop support for ETH_P_TR_802_2.
2024-01-31 16:19:01 -08:00
mac80211
wifi: mac80211: fix potential sta-link leak
2024-01-31 16:19:00 -08:00
mac802154
Core WPAN changes:
2023-06-24 15:41:46 -07:00
mctp
mctp: perform route lookups under a RCU read-side lock
2023-10-10 19:43:22 -07:00
mpls
networking: Update to register_net_sysctl_sz
2023-08-15 15:26:18 -07:00
mptcp
mptcp: relax check on MPC passive fallback
2024-01-25 15:35:59 -08:00
ncsi
net/ncsi: Fix netlink major/minor version numbers
2024-01-25 15:35:20 -08:00
netfilter
netfilter: nft_limit: reject configurations that cause integer overflow
2024-01-31 16:19:03 -08:00
netlabel
calipso: fix memory leak in netlbl_calipso_add_pass()
2024-01-25 15:35:14 -08:00
netlink
netlink: fix potential sleeping issue in mqueue_flush_file
2024-01-31 16:19:02 -08:00
netrom
netrom: Deny concurrent connect().
2023-08-28 06:58:46 +01:00
nfc
nfc: Do not send datagram if socket state isn't LLCP_BOUND
2024-01-20 11:51:46 +01:00
nsh
net: move gso declarations and functions to their own files
2023-06-10 00:11:41 -07:00
openvswitch
net/sched: act_ct: Always fill offloading tuple iifidx
2023-11-20 11:59:37 +01:00
packet
packet: Move reference count in packet_sock to atomic_long_t
2023-12-13 18:45:23 +01:00
phonet
sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES)
2023-06-24 15:50:13 -07:00
psample
psample: Require 'CAP_NET_ADMIN' when joining "packets" group
2023-12-13 18:45:10 +01:00
qrtr
net: qrtr: ns: Return 0 if server port is not present
2024-01-20 11:51:47 +01:00
rds
net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
2024-01-31 16:19:01 -08:00
rfkill
net: rfkill: gpio: set GPIO direction
2024-01-01 12:42:41 +00:00
rose
net/rose: fix races in rose_kill_by_device()
2024-01-01 12:42:31 +00:00
rxrpc
rxrpc: Fix use of Don't Fragment flag
2024-01-25 15:35:56 -08:00
sched
net/sched: flower: Fix chain template offload
2024-01-31 16:19:02 -08:00
sctp
sctp: fix busy polling
2024-01-25 15:35:30 -08:00
smc
net/smc: fix illegal rmb_desc access in SMC-D connection dump
2024-01-31 16:19:00 -08:00
strparser
sunrpc
SUNRPC: use request size to initialize bio_vec in svc_udp_sendto()
2024-01-31 16:19:00 -08:00
switchdev
net: switchdev: Add a helper to replay objects on a bridge port
2023-07-21 08:54:03 +01:00
tipc
tipc: Fix kernel-infoleak due to uninitialized TLV value
2023-11-28 17:19:51 +00:00
tls
net: tls, fix WARNIING in __sk_msg_free
2024-01-25 15:35:58 -08:00
unix
bpf: sockmap, fix proto update hook to avoid dup calls
2024-01-25 15:35:30 -08:00
vmw_vsock
virtio/vsock: send credit update during setting SO_RCVLOWAT
2024-01-25 15:35:26 -08:00
wireless
wifi: cfg80211: parse all ML elements in an ML probe response
2024-01-25 15:35:30 -08:00
x25
sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES)
2023-06-24 15:50:13 -07:00
xdp
xsk: add multi-buffer support for sockets sharing umem
2024-01-10 17:16:54 +01:00
xfrm
ipsec-2023-10-17
2023-10-17 18:21:13 -07:00
compat.c
devres.c
Kconfig
bpf: Add fd-based tcx multi-prog infra with link support
2023-07-19 10:07:27 -07:00
Kconfig.debug
Makefile
net/handshake: Create a NETLINK service for handling handshake requests
2023-04-19 18:48:48 -07:00
socket.c
net: Save and restore msg_namelen in sock_sendmsg
2024-01-10 17:16:51 +01:00
sysctl_net.c
sysctl: Add size to register_net_sysctl function
2023-08-15 15:26:17 -07:00