Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.1/patches/2232324/?format=api
{ "id": 2232324, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2232324/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260504112300.715192-1-tomaquet18@protonmail.com/", "project": { "id": 26, "url": "http://patchwork.ozlabs.org/api/1.1/projects/26/?format=api", "name": "Netfilter Development", "link_name": "netfilter-devel", "list_id": "netfilter-devel.vger.kernel.org", "list_email": "netfilter-devel@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null }, "msgid": "<20260504112300.715192-1-tomaquet18@protonmail.com>", "date": "2026-05-04T11:23:14", "name": "[v4] netfilter: conntrack: fix integer overflow in expectation timeout", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "026b9f63101437d361d4ef97206b598fdea1adab", "submitter": { "id": 93321, "url": "http://patchwork.ozlabs.org/api/1.1/people/93321/?format=api", "name": "Àlex Fernández", "email": "tomaquet18@protonmail.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260504112300.715192-1-tomaquet18@protonmail.com/mbox/", "series": [ { "id": 502647, "url": "http://patchwork.ozlabs.org/api/1.1/series/502647/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=502647", "date": "2026-05-04T11:23:14", "name": "[v4] netfilter: conntrack: fix integer overflow in expectation timeout", "version": 4, "mbox": "http://patchwork.ozlabs.org/series/502647/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2232324/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2232324/checks/", "tags": {}, "headers": { "Return-Path": "\n <netfilter-devel+bounces-12403-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "netfilter-devel@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=protonmail.com header.i=@protonmail.com header.a=rsa-sha256\n header.s=protonmail3 header.b=aBHvBr4d;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12403-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=protonmail.com header.i=@protonmail.com\n header.b=\"aBHvBr4d\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=185.70.43.101", "smtp.subspace.kernel.org;\n dmarc=pass (p=quarantine dis=none) header.from=protonmail.com", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=protonmail.com" ], "Received": [ "from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g8K6D5Wblz1yJ9\n\tfor <incoming@patchwork.ozlabs.org>; Mon, 04 May 2026 21:24:04 +1000 (AEST)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id DD97E3022629\n\tfor <incoming@patchwork.ozlabs.org>; Mon, 4 May 2026 11:23:23 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 7789F3AA1A6;\n\tMon, 4 May 2026 11:23:23 +0000 (UTC)", "from mail-43101.protonmail.ch (mail-43101.protonmail.ch\n [185.70.43.101])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 991E73A5E70\n\tfor <netfilter-devel@vger.kernel.org>; Mon, 4 May 2026 11:23:20 +0000 (UTC)" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777893802; cv=none;\n b=WdL4Cg7LBVVDIodfqGqz//IYDtSuMeOBIpFwL5raS8LHGUD/+YZmVaTxptQNjJLdNCZZzoYyJ2ahFX6c7jn+kuRiJKmsKMyD3oKo3JEADxT/KDTLmpvJqHqCJ30NKz23Z/2BfGkXc23Olwz8Pnl0O+crlkxIZSOCCzyogYbQyhA=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777893802; c=relaxed/simple;\n\tbh=4S7VamUGXJkMeQB2ofubAms9FfbofD8iRmCfIuvPhTw=;\n\th=Date:To:From:Cc:Subject:Message-ID:MIME-Version:Content-Type;\n b=GWDfyGBWgGa0RuTnptxss6ITdGJpQCFU/u8dCBFuorHr3atjVQcgUq53lBjhCWZx1n6hNzK47LWZ8plQhgMFOBUUtGToUVfmiPAoJvQxEQXJ6K2IlQhhoRGTGNMJlsxvZY3tWnctqWBxEIqOIkzYnM3DzKsdlqG29fs5YxugpKg=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=quarantine dis=none) header.from=protonmail.com;\n spf=pass smtp.mailfrom=protonmail.com;\n dkim=pass (2048-bit key) header.d=protonmail.com header.i=@protonmail.com\n header.b=aBHvBr4d; arc=none smtp.client-ip=185.70.43.101", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;\n\ts=protonmail3; t=1777893798; x=1778152998;\n\tbh=4S7VamUGXJkMeQB2ofubAms9FfbofD8iRmCfIuvPhTw=;\n\th=Date:To:From:Cc:Subject:Message-ID:Feedback-ID:From:To:Cc:Date:\n\t Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector;\n\tb=aBHvBr4dVsqy7yHfiXycGHb6q4UNFr7s+mOyisMQD03NxNih9cJ3qc5awjA35ih0b\n\t 2CfMu45bEnpZfVyuvcbBjlvdf5LXb/t7/RJQy2M3Zrag5uCiMYTPwmuZA7BedPpUUO\n\t M3VaEXgT4gYS8YXG075NlqSOk0ohCgZeyp6aYEz5DOrPcpQKV+uxsjIeqPa/+d+RAx\n\t wFSrlUpbr0b8YjfmQPVvm6t4l0RXhSbI2trGmpCxL1gfIJqqIYhCCl2AfeUAh3QhWi\n\t dR2YrSqW1FKtM6c14qYZMevJOt2EHq7cZfL7T1fMoXHC4bOz2Hm5NfULKz1dPS+IFb\n\t 6PBCEK/IhlwIA==", "Date": "Mon, 04 May 2026 11:23:14 +0000", "To": "pablo@netfilter.org, fw@strlen.de, netfilter-devel@vger.kernel.org", "From": "=?utf-8?q?=C3=80lex_Fern=C3=A1ndez?= <tomaquet18@protonmail.com>", "Cc": "=?utf-8?q?=C3=80lex_Fern=C3=A1ndez?= <tomaquet18@protonmail.com>", "Subject": "[PATCH v4] netfilter: conntrack: fix integer overflow in expectation\n timeout", "Message-ID": "<20260504112300.715192-1-tomaquet18@protonmail.com>", "Feedback-ID": "64308806:user:proton", "X-Pm-Message-ID": "2d7f08c6467d8601e415e0fb3ef5a17b019017ab", "Precedence": "bulk", "X-Mailing-List": "netfilter-devel@vger.kernel.org", "List-Id": "<netfilter-devel.vger.kernel.org>", "List-Subscribe": "<mailto:netfilter-devel+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:netfilter-devel+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=utf-8", "Content-Transfer-Encoding": "quoted-printable" }, "content": "In ctnetlink_change_expect(), the expectation timeout is calculated by\nmultiplying the user-provided timeout value by HZ. Because ntohl()\nreturns a 32-bit unsigned integer, this multiplication is performed in\n32-bit arithmetic before being promoted to the 64-bit jiffies format.\n\nIf a user provides a large enough timeout (e.g., 42949673 on a system\nwith HZ=100), the multiplication wraps around the 32-bit limit,\nresulting in a near-zero jiffies value. This causes the expectation\nto be immediately collected by the garbage collector instead of staying\nopen for the requested duration.\n\nThis patch casts the result of ntohl() to u64 prior to multiplication,\nmatching the safe pattern already used for standard conntrack timeouts.\n\nSigned-off-by: Àlex Fernández <tomaquet18@protonmail.com>\n---\n net/netfilter/nf_conntrack_netlink.c | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)", "diff": "diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c\nindex eda5fe4a7..be89bf1ba 100644\n--- a/net/netfilter/nf_conntrack_netlink.c\n+++ b/net/netfilter/nf_conntrack_netlink.c\n@@ -3466,7 +3466,7 @@ ctnetlink_change_expect(struct nf_conntrack_expect *x,\n \t\t\treturn -ETIME;\n \n \t\tx->timeout.expires = jiffies +\n-\t\t\tntohl(nla_get_be32(cda[CTA_EXPECT_TIMEOUT])) * HZ;\n+\t\t\t(u64)ntohl(nla_get_be32(cda[CTA_EXPECT_TIMEOUT])) * HZ;\n \t\tadd_timer(&x->timeout);\n \t}\n \treturn 0;\n", "prefixes": [ "v4" ] }