Commit d9eb3178 authored by Jakub Kicinski's avatar Jakub Kicinski
Browse files

Merge tag 'nf-26-02-05' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf 

Florian Westphal says:

====================
netfilter: update for net

This is one last-minute crash fix for nf_tables, from Andrew Fasano:

Logical check is inverted, this makes kernel fail to correctly undo
the transaction, leading to a use-after-free.

* tag 'nf-26-02-05' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate()
====================

Link: https://patch.msgid.link/20260205074450.3187-1-fw@strlen.de


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 7d6ba706 f41c5d15

net/netfilter/nf_tables_api.c

+1 −1
Original line number Diff line number Diff line
@@ -5914,7 +5914,7 @@ static void nft_map_catchall_activate(const struct nft_ctx *ctx, 


	list_for_each_entry(catchall, &set->catchall_list, list) {

		ext = nft_set_elem_ext(set, catchall->elem);

		if (!nft_set_elem_active(ext, genmask))

		if (nft_set_elem_active(ext, genmask))

			continue;



		nft_clear(ctx->net, ext);