On Thu, Dec 14, 2017 at 01:30:08PM +0100, Pablo Neira Ayuso wrote:
> Hi Greg,
>
> I'd appreciate if you can take this patch into 4.9-stable. There is no
> similar patch in tree, so this is not a backport.
>
> On Wed, Dec 13, 2017 at 03:33:37PM -0500, Debabrata Banerjee wrote:
> > A verdict of
Hi Greg,
I'd appreciate if you can take this patch into 4.9-stable. There is no
similar patch in tree, so this is not a backport.
On Wed, Dec 13, 2017 at 03:33:37PM -0500, Debabrata Banerjee wrote:
> A verdict of NF_STOLEN after NF_QUEUE will cause an incorrect return value
> and a potential
On Tue, Dec 12, 2017 at 12:36:35AM +, Banerjee, Debabrata wrote:
> > From: Pablo Neira Ayuso [mailto:pa...@netfilter.org]
> > On Mon, Dec 11, 2017 at 06:30:24PM -0500, Debabrata Banerjee wrote:
> > > + } else {
> > > + /* Implicit handling for NF_STOLEN, as well as any other
> > > +
> From: Pablo Neira Ayuso [mailto:pa...@netfilter.org]
> On Mon, Dec 11, 2017 at 06:30:24PM -0500, Debabrata Banerjee wrote:
> > + } else {
> > + /* Implicit handling for NF_STOLEN, as well as any other
> > +* non conventional verdicts.
> > +*/
> > +
Hi,
Thanks for catching up this, see below.
On Mon, Dec 11, 2017 at 06:30:24PM -0500, Debabrata Banerjee wrote:
> A verdict of NF_STOLEN after NF_QUEUE will cause an incorrect return value
> and a potential kernel panic via double free of skb's
>
> This was broken by commit 7034b566a4e7
