diff options
| author | Florian Westphal <fw@strlen.de> | 2026-06-18 06:58:24 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2026-06-21 00:18:26 +0200 |
| commit | 213be32f46a29ca15a314df06c3424ecffd6c90a (patch) | |
| tree | dbb1eab5079515d372f5e4866346783b72760129 /include | |
| parent | 4a597a87e2e2f608edb6be2c510dc826b4fdfb53 (diff) | |
| download | ath-213be32f46a29ca15a314df06c3424ecffd6c90a.tar.gz | |
netfilter: nft_payload: reject offsets exceeding 65535 bytes
Large offsets were rejected based on netlink policy, but blamed commit
removed the policy without updating nft_payload_inner_init() to use the
truncation-check helper.
Silent truncation is not a problem, but not wanted either, so add a
check.
Fixes: 077dc4a27579 ("netfilter: nft_payload: extend offset to 65535 bytes")
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Fernando Fernandez Mancera <fmancera@suse.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
0 files changed, 0 insertions, 0 deletions
