On Thu, Dec 14, 2017 at 01:30:08PM +0100, Pablo Neira Ayuso wrote:
Hi Greg,
I'd appreciate if you can take this patch into 4.9-stable. There is no similar patch in tree, so this is not a backport.
On Wed, Dec 13, 2017 at 03:33:37PM -0500, Debabrata Banerjee wrote:
A verdict of NF_STOLEN after NF_QUEUE will cause an incorrect return value and a potential kernel panic via double free of skb's.
This was broken by commit 7034b566a4e7 ("netfilter: fix nf_queue handling") and subsequently fixed in v4.10 by commit c63cbc460419 ("netfilter: use switch() to handle verdict cases from nf_hook_slow()"). However, that commit cannot be cleanly cherry-picked to v4.9.
Signed-off-by: Debabrata Banerjee <dbanerje@akamai.com>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Thanks a lot!
Now applied, thanks.
greg k-h