linux/net
Florian Westphal c6675233f9 netfilter: nf_queue: reject NF_STOLEN verdicts from userspace
A userspace listener may send (bogus) NF_STOLEN verdict, which causes skb leak.

This problem was previously fixed via
64507fdbc2 (netfilter:
nf_queue: fix NF_STOLEN skb leak) but this had to be reverted because
NF_STOLEN can also be returned by a netfilter hook when iterating the
rules in nf_reinject.

Reject userspace NF_STOLEN verdict, as suggested by Michal Miroslaw.

This is complementary to commit fad5444043
(netfilter: avoid double free in nf_reinject).

Cc: Julian Anastasov <ja@ssi.bg>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2011-08-30 15:01:20 +02:00
..
9p net/9p: Fix the msize calculation. 2011-07-23 09:32:52 -05:00
802 snap: remove one synchronize_net() 2011-05-23 16:29:24 -04:00
8021q net: Audit drivers to identify those needing IFF_TX_SKB_SHARING cleared 2011-07-27 22:39:30 -07:00
appletalk appletalk: Reduce switch/case indent 2011-07-01 16:11:15 -07:00
atm atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
ax25 ax25: Fix set-but-unused variable. 2011-04-17 00:48:31 -07:00
batman-adv netdevice: Kill 'feature' test macros. 2011-07-12 12:28:58 -07:00
bluetooth net: Audit drivers to identify those needing IFF_TX_SKB_SHARING cleared 2011-07-27 22:39:30 -07:00
bridge netfilter: ebtables: fix ebtables build dependency 2011-07-29 16:40:30 +02:00
caif Remove redundant linux/version.h includes from net/ 2011-06-21 16:03:17 -07:00
can net/can: use printk_ratelimited() instead of printk_ratelimit() 2011-06-17 00:03:03 -04:00
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2011-07-26 13:38:50 -07:00
core Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-07-28 05:58:19 -07:00
dcb dcbnl: unlock on an error path in dcbnl_cee_fill() 2011-07-08 09:01:14 -07:00
dccp dccp ccid-2: Perform congestion-window validation 2011-07-04 12:37:49 -06:00
decnet atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
dns_resolver KEYS: Improve /proc/keys 2011-03-17 11:59:32 +11:00
dsa DSA: Enable cascading in multi-chip 6131 configuration 2011-06-29 05:53:49 -07:00
econet af_econet: Use current logging styles and neatening 2011-07-03 20:05:16 -07:00
ethernet net: add IFF_SKB_TX_SHARED flag to priv_flags 2011-07-27 22:39:30 -07:00
ieee802154 ieee802154: free skb buffer if dev isn't running 2011-06-30 16:18:09 +04:00
ipv4 netfilter: nf_queue: reject NF_STOLEN verdicts from userspace 2011-08-30 15:01:20 +02:00
ipv6 netfilter: nf_queue: reject NF_STOLEN verdicts from userspace 2011-08-30 15:01:20 +02:00
ipx ipx: fix ipx_release() 2011-03-21 18:16:39 -07:00
irda Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-06-20 22:29:08 -07:00
iucv atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
key net: Remove casts of void * 2011-06-16 23:19:27 -04:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-07-28 05:58:19 -07:00
lapb lapb: Reduce switch/case indent 2011-07-01 16:11:16 -07:00
llc llc: Fix length check in llc_fixup_skb(). 2011-04-11 18:59:05 -07:00
mac80211 net: Audit drivers to identify those needing IFF_TX_SKB_SHARING cleared 2011-07-27 22:39:30 -07:00
netfilter netfilter: nf_queue: reject NF_STOLEN verdicts from userspace 2011-08-30 15:01:20 +02:00
netlabel atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
netlink Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 into for-davem 2011-06-24 15:25:51 -04:00
netrom netrom: Reduce switch/case indent 2011-07-01 16:11:16 -07:00
nfc NFC: add the NFC socket raw protocol 2011-07-05 15:26:58 -04:00
packet af-packet: fix - avoid reading stale data 2011-07-14 08:36:33 -07:00
phonet rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
rds notifiers: cpu: move cpu notifiers into cpu.h 2011-07-25 20:57:14 -07:00
rfkill net: rfkill: add generic gpio rfkill driver 2011-05-19 13:53:54 -04:00
rose rose: Delete commented out references to ancient firewalling code. 2011-07-07 02:41:59 -07:00
rxrpc rxrpc: Fix set but unused variable 'usage' in rxrpc_get_transport() 2011-05-19 18:51:50 -04:00
sched net: Abstract dst->neighbour accesses behind helpers. 2011-07-17 23:11:35 -07:00
sctp Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-07-21 13:38:42 -07:00
sunrpc Merge branch 'nfs-for-3.1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs 2011-07-27 13:23:02 -07:00
tipc atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
unix new helpers: kern_path_create/user_path_create 2011-07-20 01:44:05 -04:00
wanrouter Fix common misspellings 2011-03-31 11:26:23 -03:00
wimax
wireless wireless: fix a typo in ignore_reg_update 2011-07-26 16:27:32 -04:00
x25 x25: Reduce switch/case indent 2011-07-01 16:11:16 -07:00
xfrm net: Add ->neigh_lookup() operation to dst_ops 2011-07-18 00:40:17 -07:00
compat.c net: Add sendmmsg socket system call 2011-05-05 11:10:14 -07:00
Kconfig NFC: add nfc subsystem core 2011-07-05 15:26:57 -04:00
Makefile NFC: add nfc subsystem core 2011-07-05 15:26:57 -04:00
nonet.c
socket.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-07-28 05:58:19 -07:00
sysctl_net.c