Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2225382,
    "url": "http://patchwork.ozlabs.org/api/1.1/patches/2225382/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260420220215.111510-9-pablo@netfilter.org/",
    "project": {
        "id": 26,
        "url": "http://patchwork.ozlabs.org/api/1.1/projects/26/?format=api",
        "name": "Netfilter Development",
        "link_name": "netfilter-devel",
        "list_id": "netfilter-devel.vger.kernel.org",
        "list_email": "netfilter-devel@vger.kernel.org",
        "web_url": null,
        "scm_url": null,
        "webscm_url": null
    },
    "msgid": "<20260420220215.111510-9-pablo@netfilter.org>",
    "date": "2026-04-20T22:02:15",
    "name": "[net,8/8] netfilter: nfnetlink_osf: fix potential NULL dereference in ttl check",
    "commit_ref": null,
    "pull_url": null,
    "state": "accepted",
    "archived": true,
    "hash": "e5fa1d10efeb14cf4233448b1e36dfba04299e41",
    "submitter": {
        "id": 1315,
        "url": "http://patchwork.ozlabs.org/api/1.1/people/1315/?format=api",
        "name": "Pablo Neira Ayuso",
        "email": "pablo@netfilter.org"
    },
    "delegate": {
        "id": 11902,
        "url": "http://patchwork.ozlabs.org/api/1.1/users/11902/?format=api",
        "username": "strlen",
        "first_name": "Florian",
        "last_name": "Westphal",
        "email": "fw@strlen.de"
    },
    "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260420220215.111510-9-pablo@netfilter.org/mbox/",
    "series": [
        {
            "id": 500691,
            "url": "http://patchwork.ozlabs.org/api/1.1/series/500691/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=500691",
            "date": "2026-04-20T22:02:07",
            "name": "[net,1/8] netfilter: nft_osf: restrict it to ipv4",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/500691/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2225382/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2225382/checks/",
    "tags": {},
    "headers": {
        "Return-Path": "\n <netfilter-devel+bounces-12102-incoming=patchwork.ozlabs.org@vger.kernel.org>",
        "X-Original-To": [
            "incoming@patchwork.ozlabs.org",
            "netfilter-devel@vger.kernel.org"
        ],
        "Delivered-To": "patchwork-incoming@legolas.ozlabs.org",
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=netfilter.org header.i=@netfilter.org\n header.a=rsa-sha256 header.s=2025 header.b=OhmsNA/0;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c04:e001:36c::12fc:5321; helo=tor.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12102-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)",
            "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=netfilter.org header.i=@netfilter.org\n header.b=\"OhmsNA/0\"",
            "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=217.70.190.124",
            "smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=netfilter.org",
            "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=netfilter.org"
        ],
        "Received": [
            "from tor.lore.kernel.org (tor.lore.kernel.org\n [IPv6:2600:3c04:e001:36c::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g001V0NRGz1yCv\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 21 Apr 2026 08:06:06 +1000 (AEST)",
            "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby tor.lore.kernel.org (Postfix) with ESMTP id C770D3048F14\n\tfor <incoming@patchwork.ozlabs.org>; Mon, 20 Apr 2026 22:02:58 +0000 (UTC)",
            "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 483C93CFF5D;\n\tMon, 20 Apr 2026 22:02:33 +0000 (UTC)",
            "from mail.netfilter.org (mail.netfilter.org [217.70.190.124])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 7880B3D1706;\n\tMon, 20 Apr 2026 22:02:31 +0000 (UTC)",
            "from localhost.localdomain (mail-agni [217.70.190.124])\n\tby mail.netfilter.org (Postfix) with ESMTPSA id 5BBF660255;\n\tTue, 21 Apr 2026 00:02:29 +0200 (CEST)"
        ],
        "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1776722552; cv=none;\n b=UuXtrmvGDb9VWjIsFqsEWAnFS83ACfhNBwyMIwfb/A3Sv/zZ9iOFfHJVwQqabdKLefOGutNkcgOzYdGazgfDT7WiUw1HhATbHjRqZxhY9gtl9sXQ/MhhlYjps/G/Get1ebtbrwREB0G9/Can5WdNd8t80IfgwTZSwtvcBA5MSro=",
        "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1776722552; c=relaxed/simple;\n\tbh=kUfeTFZk5IgFgJ7dBcDAuHKs7DNUx3pWt+DeQ56Keao=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n b=f5wbYA7qrM2+uQufFuPSSNUK9FVLfGK0/gbpDB5DYoREiZi4wPnttn+WpdLizR9hnUmUX04nz5rYC09JnhB8QUJEajdihiehQ86/UvDh7LsU1dFhe470MZKjVie8ztCjE2j79u7l+p+H2RkfnrTE2EPveydU1irL6bKzr/T7fek=",
        "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=netfilter.org;\n spf=pass smtp.mailfrom=netfilter.org;\n dkim=pass (2048-bit key) header.d=netfilter.org header.i=@netfilter.org\n header.b=OhmsNA/0; arc=none smtp.client-ip=217.70.190.124",
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=netfilter.org;\n\ts=2025; t=1776722549;\n\tbh=y4oVjl5IwBD7c8hLHPmuW/Dp/NU6BKcOEDJo3EB03Ug=;\n\th=From:To:Cc:Subject:Date:In-Reply-To:References:From;\n\tb=OhmsNA/0kIWioJeEG9T+2U5S55+5hkBhPCeWIyPOubKajBcUGjjbc6WZpSKzqZQyF\n\t 4mKJn/wqDJeohJfS1qi0/gUBt1o2JrbTyx+EEjjauwqqR+xREtBFMfqCghkD4iGBev\n\t YKT8aawQGl3sgvAMhaBIsFtdeISvhiKzrtiZDAhxclKtWv9F4TMH44GGl0lRSLlBXJ\n\t WJqdL9UyEaBCLHXKPib7pexwLhXG9uY54bQeFGbA01pVId7fEtSLwwEp+6nWHUl8Vy\n\t 9Os8XcOOnGLGIDG2CCkmmLlSTrjvOc5x3l9vCnUsKSx4IT5NDapfHE8YpiKMwGSEze\n\t al6U+caxK3c/g==",
        "From": "Pablo Neira Ayuso <pablo@netfilter.org>",
        "To": "netfilter-devel@vger.kernel.org",
        "Cc": "davem@davemloft.net,\n\tnetdev@vger.kernel.org,\n\tkuba@kernel.org,\n\tpabeni@redhat.com,\n\tedumazet@google.com,\n\tfw@strlen.de,\n\thorms@kernel.org",
        "Subject": "[PATCH net 8/8] netfilter: nfnetlink_osf: fix potential NULL\n dereference in ttl check",
        "Date": "Tue, 21 Apr 2026 00:02:15 +0200",
        "Message-ID": "<20260420220215.111510-9-pablo@netfilter.org>",
        "X-Mailer": "git-send-email 2.47.3",
        "In-Reply-To": "<20260420220215.111510-1-pablo@netfilter.org>",
        "References": "<20260420220215.111510-1-pablo@netfilter.org>",
        "Precedence": "bulk",
        "X-Mailing-List": "netfilter-devel@vger.kernel.org",
        "List-Id": "<netfilter-devel.vger.kernel.org>",
        "List-Subscribe": "<mailto:netfilter-devel+subscribe@vger.kernel.org>",
        "List-Unsubscribe": "<mailto:netfilter-devel+unsubscribe@vger.kernel.org>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit"
    },
    "content": "From: Fernando Fernandez Mancera <fmancera@suse.de>\n\nThe nf_osf_ttl() function accessed skb->dev to perform a local interface\naddress lookup without verifying that the device pointer was valid.\n\nAdditionally, the implementation utilized an in_dev_for_each_ifa_rcu\nloop to match the packet source address against local interface\naddresses. It assumed that packets from the same subnet should not see a\ndecrement on the initial TTL. A packet might appear it is from the same\nsubnet but it actually isn't especially in modern environments with\ncontainers and virtual switching.\n\nRemove the device dereference and interface loop. Replace the logic with\na switch statement that evaluates the TTL according to the ttl_check.\n\nFixes: 11eeef41d5f6 (\"netfilter: passive OS fingerprint xtables match\")\nReported-by: Kito Xu (veritas501) <hxzene@gmail.com>\nCloses: https://lore.kernel.org/netfilter-devel/20260414074556.2512750-1-hxzene@gmail.com/\nSigned-off-by: Fernando Fernandez Mancera <fmancera@suse.de>\nReviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>\nSigned-off-by: Pablo Neira Ayuso <pablo@netfilter.org>\n---\n net/netfilter/nfnetlink_osf.c | 22 +++++++---------------\n 1 file changed, 7 insertions(+), 15 deletions(-)",
    "diff": "diff --git a/net/netfilter/nfnetlink_osf.c b/net/netfilter/nfnetlink_osf.c\nindex 9b209241029b..acb753ec5697 100644\n--- a/net/netfilter/nfnetlink_osf.c\n+++ b/net/netfilter/nfnetlink_osf.c\n@@ -31,26 +31,18 @@ EXPORT_SYMBOL_GPL(nf_osf_fingers);\n static inline int nf_osf_ttl(const struct sk_buff *skb,\n \t\t\t     int ttl_check, unsigned char f_ttl)\n {\n-\tstruct in_device *in_dev = __in_dev_get_rcu(skb->dev);\n \tconst struct iphdr *ip = ip_hdr(skb);\n-\tconst struct in_ifaddr *ifa;\n-\tint ret = 0;\n \n-\tif (ttl_check == NF_OSF_TTL_TRUE)\n+\tswitch (ttl_check) {\n+\tcase NF_OSF_TTL_TRUE:\n \t\treturn ip->ttl == f_ttl;\n-\tif (ttl_check == NF_OSF_TTL_NOCHECK)\n-\t\treturn 1;\n-\telse if (ip->ttl <= f_ttl)\n+\t\tbreak;\n+\tcase NF_OSF_TTL_NOCHECK:\n \t\treturn 1;\n-\n-\tin_dev_for_each_ifa_rcu(ifa, in_dev) {\n-\t\tif (inet_ifa_match(ip->saddr, ifa)) {\n-\t\t\tret = (ip->ttl == f_ttl);\n-\t\t\tbreak;\n-\t\t}\n+\tcase NF_OSF_TTL_LESS:\n+\tdefault:\n+\t\treturn ip->ttl <= f_ttl;\n \t}\n-\n-\treturn ret;\n }\n \n struct nf_osf_hdr_ctx {\n",
    "prefixes": [
        "net",
        "8/8"
    ]
}