Commit eb4ca1a9 authored Jul 13, 2024 by Pablo Neira Ayuso Committed by Greg Kroah-Hartman Aug 19, 2024

netfilter: ctnetlink: use helper function to calculate expect ID



[ Upstream commit 78216189 ]

Delete expectation path is missing a call to the nf_expect_get_id()
helper function to calculate the expectation ID, otherwise LSB of the
expectation object address is leaked to userspace.

Fixes: 3c791076 ("netfilter: ctnetlink: don't use conntrack/expect object addresses as id")
Reported-by:  <zdi-disclosures@trendmicro.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent 9118c408

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit b9d4c135
· Nov 05, 2025

mentioned in commit b9d4c135

mentioned in commit b9d4c135c790a1939ec769c137cf677aefa40e2c

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 73f3a9c9
· Nov 05, 2025

mentioned in commit 73f3a9c9

mentioned in commit 73f3a9c9aee16c5806b93a7f48e9b6082e1d8d1c

Toggle commit list

Please to comment