authorJakub Kicinski <kuba@kernel.org>2026-02-05 08:38:02 -0800
committerJakub Kicinski <kuba@kernel.org>2026-02-05 08:38:03 -0800
commitd9eb317812288700f15965fa20d7db22c54c5e9d (patch)
treef5b143f9cecdf66568aa8cd372b4d9428bb386c9
parent7d6ba706ae5ef7d3d00b67140d2873ae1da6d41f (diff)
parentf41c5d151078c5348271ffaf8e7410d96f2d82f8 (diff)
Merge tag 'nf-26-02-05' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
Florian Westphal says: ==================== netfilter: update for net This is one last-minute crash fix for nf_tables, from Andrew Fasano: Logical check is inverted, this makes kernel fail to correctly undo the transaction, leading to a use-after-free. * tag 'nf-26-02-05' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() ==================== Link: https://patch.msgid.link/20260205074450.3187-1-fw@strlen.de Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-rw-r--r--net/netfilter/nf_tables_api.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 729a92781a1a..be92750e2af3 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -5914,7 +5914,7 @@ static void nft_map_catchall_activate(const struct nft_ctx *ctx,
list_for_each_entry(catchall, &set->catchall_list, list) {
ext = nft_set_elem_ext(set, catchall->elem);
- if (!nft_set_elem_active(ext, genmask))
+ if (nft_set_elem_active(ext, genmask))
continue;
nft_clear(ctx->net, ext);
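Review bot: The corrected test `if (nft_set_elem_active(ext, genmask))` has no comment recording why active elements are the ones skipped, and this polarity is exactly what was wrong before; per the merge description the inverted form left the transaction incorrectly undone and led to a use-after-free. I would add a comment above the check, for example `/* undo path: skip catchall elements already active in this genmask, re-activate only the deactivated ones */`. How genmask is derived and what follows nft_clear() lie outside the hunk, so the wording should be checked against the rest of nft_map_catchall_activate(). A regression test that aborts a transaction touching a map with a catchall element would help keep the condition from being flipped back.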