diff options
author | Guillaume Nault <gnault@redhat.com> | 2019-06-06 18:04:00 +0200 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-07-21 09:05:53 +0200 |
commit | ac1cd6c960bf60799a72ac23644ff5fd95b4021f (patch) | |
tree | aec5bb1715a058ea3d99f66613f33ba2e58d3419 /Documentation/devicetree | |
parent | 87a3cb06055668cde432d6d0350ebfc3384b5077 (diff) |
netfilter: ipv6: nf_defrag: accept duplicate fragments again
[ Upstream commit 8a3dca632538c550930ce8bafa8c906b130d35cf ]
When fixing the skb leak introduced by the conversion to rbtree, I
forgot about the special case of duplicate fragments. The condition
under the 'insert_error' label isn't effective anymore as
nf_ct_frg6_gather() doesn't override the returned value anymore. So
duplicate fragments now get NF_DROP verdict.
To accept duplicate fragments again, handle them specially as soon as
inet_frag_queue_insert() reports them. Return -EINPROGRESS which will
translate to NF_STOLEN verdict, like any accepted fragment. However,
such packets don't carry any new information and aren't queued, so we
just drop them immediately.
Fixes: a0d56cb911ca ("netfilter: ipv6: nf_defrag: fix leakage of unqueued fragments")
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'Documentation/devicetree')
0 files changed, 0 insertions, 0 deletions