netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations - kernel

diff options

author	Pablo Neira Ayuso <[email protected]>	2024-01-29 12:12:33 +0000
committer	Pablo Neira Ayuso <[email protected]>	2024-01-31 22:14:14 +0000
commit	8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4 (patch)
tree	5cf96a37323e797c0f49d93cacc352869653cc06 /net/unix/af_unix.c
parent	netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger (diff)
download	kernel-8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4.tar.gz kernel-8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4.zip

netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations

- Disallow families other than NFPROTO_{IPV4,IPV6,INET}. - Disallow layer 4 protocol with no ports, since destination port is a mandatory attribute for this object. Fixes: 857b46027d6f ("netfilter: nft_ct: add ct expectations support") Signed-off-by: Pablo Neira Ayuso <[email protected]>

Diffstat (limited to 'net/unix/af_unix.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: