Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
authorDavid S. Miller <davem@davemloft.net>
Thu, 1 Feb 2018 19:41:46 +0000 (14:41 -0500)
committerDavid S. Miller <davem@davemloft.net>
Thu, 1 Feb 2018 19:41:46 +0000 (14:41 -0500)
commitb9a40729e73809df073b6f7ec5eba1c12a64f703
tree8ea7d69c9638435db453a83fdd7b1960842c198e
parent7973bfd8758d05c85ee32052a3d7d5d0549e91b4
parent3f34cfae1238848fd53f25e5c8fd59da57901f4b
Merge git://git./pub/scm/linux/kernel/git/pablo/nf

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for your net tree,
they are:

1) Fix OOM that syskaller triggers with ipt_replace.size = -1 and
   IPT_SO_SET_REPLACE socket option, from Dmitry Vyukov.

2) Check for too long extension name in xt_request_find_{match|target}
   that result in out-of-bound reads, from Eric Dumazet.

3) Fix memory exhaustion bug in ipset hash:*net* types when adding ranges
   that look like x.x.x.x-255.255.255.255, from Jozsef Kadlecsik.

4) Fix pointer leaks to userspace in x_tables, from Dmitry Vyukov.

5) Insufficient sanity checks in clusterip_tg_check(), also from Dmitry.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/ip_sockglue.c
net/ipv4/netfilter/ipt_CLUSTERIP.c
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
net/ipv6/ipv6_sockglue.c
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
net/netfilter/x_tables.c