git.itanic.dy.fi Git - linux-stable/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Sat, 27 May 2023 16:08:09 +0000 (18:08 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 30 May 2023 11:38:38 +0000 (12:38 +0100)
commit	6b10e6d509ec4cf3d965eac659b09e67ea3b82a0
tree	91c76a2d0d92a1d4ad09bd4c0eee7c79b2929ae6	tree \| snapshot
parent	61256d2d67bec5f08188ca4f809ed0456829efe5	commit \| diff

netfilter: nf_tables: do not allow RULE_ID to refer to another chain

[ 36d5b2913219ac853908b0f1c664345e04313856 ]

When doing lookups for rules on the same batch by using its ID, a rule from
a different chain can be used. If a rule is added to a chain but tries to
be positioned next to a rule from a different chain, it will be linked to
chain2, but the use counter on chain1 would be the one to be incremented.

When looking for rules by ID, use the chain that was used for the lookup by
name. The chain used in the context copied to the transaction needs to
match that same chain. That way, struct nft_rule does not need to get
enlarged with another member.

Fixes: 1a94e38d254b ("netfilter: nf_tables: add NFTA_RULE_ID attribute")
Fixes: 75dd48e2e420 ("netfilter: nf_tables: Support RULE_ID reference in new rule")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>