diff options
| author | David S. Miller <davem@davemloft.net> | 2021-04-12 16:17:50 -0700 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2021-04-12 16:17:50 -0700 |
| commit | ccb39c6285581992f0225c45e4de704028a8ec17 (patch) | |
| tree | 8ab8b6f6d4af0e0f7f58dfce3ee0059aa239f766 /net/ipv6 | |
| parent | f33b0e196ed7aa3dc285b26db7768c1db1eb3a41 (diff) | |
| parent | 4d8f9065830e526c83199186c5f56a6514f457d2 (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains Netfilter fixes for net:
1) Fix NAT IPv6 offload in the flowtable.
2) icmpv6 is printed as unknown in /proc/net/nf_conntrack.
3) Use div64_u64() in nft_limit, from Eric Dumazet.
4) Use pre_exit to unregister ebtables and arptables hooks,
from Florian Westphal.
5) Fix out-of-bound memset in x_tables compat match/target,
also from Florian.
6) Clone set elements expression to ensure proper initialization.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 2e2119bfcf13..eb2b5404806c 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c @@ -1443,6 +1443,8 @@ translate_compat_table(struct net *net, if (!newinfo) goto out_unlock; + memset(newinfo->entries, 0, size); + newinfo->number = compatr->num_entries; for (i = 0; i < NF_INET_NUMHOOKS; i++) { newinfo->hook_entry[i] = compatr->hook_entry[i]; |