netfilter: xt_NFLOG: fix unexpected truncated packet (Closes: #841261)
This commit is contained in:
parent
f86bc88075
commit
d9f03c486b
|
@ -5,6 +5,7 @@ linux (4.8.4-1~exp2) UNRELEASED; urgency=medium
|
||||||
* [armhf] dts: imx53: add support for USB armory board (Closes: #840137)
|
* [armhf] dts: imx53: add support for USB armory board (Closes: #840137)
|
||||||
* kconfig: Renumber SYMBOL_NEW, fixing regression of allnoconfig
|
* kconfig: Renumber SYMBOL_NEW, fixing regression of allnoconfig
|
||||||
(Closes: #841357)
|
(Closes: #841357)
|
||||||
|
* netfilter: xt_NFLOG: fix unexpected truncated packet (Closes: #841261)
|
||||||
|
|
||||||
[ Salvatore Bonaccorso ]
|
[ Salvatore Bonaccorso ]
|
||||||
* [x86] boot/smp: Don't try to poke disabled/non-existent APIC
|
* [x86] boot/smp: Don't try to poke disabled/non-existent APIC
|
||||||
|
|
36
debian/patches/bugfix/all/netfilter-xt_nflog-fix-unexpected-truncated-packet.patch
vendored
Normal file
36
debian/patches/bugfix/all/netfilter-xt_nflog-fix-unexpected-truncated-packet.patch
vendored
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
From: Liping Zhang <liping.zhang@spreadtrum.com>
|
||||||
|
Date: Tue, 11 Oct 2016 21:03:45 +0800
|
||||||
|
Subject: netfilter: xt_NFLOG: fix unexpected truncated packet
|
||||||
|
Origin: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=6d19375b58763fefc2f215fb45117d3353ced888
|
||||||
|
Bug-Debian: https://bugs.debian.org/841261
|
||||||
|
|
||||||
|
Justin and Chris spotted that iptables NFLOG target was broken when they
|
||||||
|
upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or
|
||||||
|
"results in segfaults in ulogd-2.0.5".
|
||||||
|
|
||||||
|
Because "struct nf_loginfo li;" is a local variable, and flags will be
|
||||||
|
filled with garbage value, not inited to zero. So if it contains 0x1,
|
||||||
|
packets will not be logged to the userspace anymore.
|
||||||
|
|
||||||
|
Fixes: 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate packets")
|
||||||
|
Reported-by: Justin Piszcz <jpiszcz@lucidpixels.com>
|
||||||
|
Reported-by: Chris Caputo <ccaputo@alt.net>
|
||||||
|
Tested-by: Chris Caputo <ccaputo@alt.net>
|
||||||
|
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
|
||||||
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
---
|
||||||
|
net/netfilter/xt_NFLOG.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
|
||||||
|
index 018eed7e1ff1..8668a5c18dc3 100644
|
||||||
|
--- a/net/netfilter/xt_NFLOG.c
|
||||||
|
+++ b/net/netfilter/xt_NFLOG.c
|
||||||
|
@@ -32,6 +32,7 @@ nflog_tg(struct sk_buff *skb, const struct xt_action_param *par)
|
||||||
|
li.u.ulog.copy_len = info->len;
|
||||||
|
li.u.ulog.group = info->group;
|
||||||
|
li.u.ulog.qthreshold = info->threshold;
|
||||||
|
+ li.u.ulog.flags = 0;
|
||||||
|
|
||||||
|
if (info->flags & XT_NFLOG_F_COPY_LEN)
|
||||||
|
li.u.ulog.flags |= NF_LOG_F_COPY_LEN;
|
|
@ -65,6 +65,7 @@ bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
|
||||||
bugfix/all/kbuild-do-not-use-hyphen-in-exported-variable-name.patch
|
bugfix/all/kbuild-do-not-use-hyphen-in-exported-variable-name.patch
|
||||||
bugfix/all/ext4-fix-bug-838544.patch
|
bugfix/all/ext4-fix-bug-838544.patch
|
||||||
bugfix/all/mm-memcontrol-use-special-workqueue-for-creating-per-memcg-caches.patch
|
bugfix/all/mm-memcontrol-use-special-workqueue-for-creating-per-memcg-caches.patch
|
||||||
|
bugfix/all/netfilter-xt_nflog-fix-unexpected-truncated-packet.patch
|
||||||
|
|
||||||
# Miscellaneous features
|
# Miscellaneous features
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue