[linux] 01/04: netfilter: xt_NFLOG: fix unexpected truncated packet (Closes: #841261)

Fri Oct 28 19:21:05 UTC 2016

This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch master
in repository linux.

commit d9f03c486bbb4a0a54b41aac20ba3209c7f9a1ae
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Mon Oct 24 03:20:00 2016 +0100

    netfilter: xt_NFLOG: fix unexpected truncated packet (Closes: #841261)
---
 debian/changelog                                   |  1 +
 ...-xt_nflog-fix-unexpected-truncated-packet.patch | 36 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 38 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index c5aef53..e898ce3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,7 @@ linux (4.8.4-1~exp2) UNRELEASED; urgency=medium
   * [armhf] dts: imx53: add support for USB armory board (Closes: #840137)
   * kconfig: Renumber SYMBOL_NEW, fixing regression of allnoconfig
     (Closes: #841357)
+  * netfilter: xt_NFLOG: fix unexpected truncated packet (Closes: #841261)
 
   [ Salvatore Bonaccorso ]
   * [x86] boot/smp: Don't try to poke disabled/non-existent APIC
diff --git a/debian/patches/bugfix/all/netfilter-xt_nflog-fix-unexpected-truncated-packet.patch b/debian/patches/bugfix/all/netfilter-xt_nflog-fix-unexpected-truncated-packet.patch
new file mode 100644
index 0000000..8b2ac7f
--- /dev/null
+++ b/debian/patches/bugfix/all/netfilter-xt_nflog-fix-unexpected-truncated-packet.patch
@@ -0,0 +1,36 @@
+From: Liping Zhang <liping.zhang at spreadtrum.com>
+Date: Tue, 11 Oct 2016 21:03:45 +0800
+Subject: netfilter: xt_NFLOG: fix unexpected truncated packet
+Origin: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=6d19375b58763fefc2f215fb45117d3353ced888
+Bug-Debian: https://bugs.debian.org/841261
+
+Justin and Chris spotted that iptables NFLOG target was broken when they
+upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or
+"results in segfaults in ulogd-2.0.5".
+
+Because "struct nf_loginfo li;" is a local variable, and flags will be
+filled with garbage value, not inited to zero. So if it contains 0x1,
+packets will not be logged to the userspace anymore.
+
+Fixes: 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate packets")
+Reported-by: Justin Piszcz <jpiszcz at lucidpixels.com>
+Reported-by: Chris Caputo <ccaputo at alt.net>
+Tested-by: Chris Caputo <ccaputo at alt.net>
+Signed-off-by: Liping Zhang <liping.zhang at spreadtrum.com>
+Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
+---
+ net/netfilter/xt_NFLOG.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
+index 018eed7e1ff1..8668a5c18dc3 100644
+--- a/net/netfilter/xt_NFLOG.c
++++ b/net/netfilter/xt_NFLOG.c
+@@ -32,6 +32,7 @@ nflog_tg(struct sk_buff *skb, const struct xt_action_param *par)
+ 	li.u.ulog.copy_len   = info->len;
+ 	li.u.ulog.group	     = info->group;
+ 	li.u.ulog.qthreshold = info->threshold;
++	li.u.ulog.flags	     = 0;
+ 
+ 	if (info->flags & XT_NFLOG_F_COPY_LEN)
+ 		li.u.ulog.flags |= NF_LOG_F_COPY_LEN;
diff --git a/debian/patches/series b/debian/patches/series
index a52dfd7..977ccaf 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -65,6 +65,7 @@ bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
 bugfix/all/kbuild-do-not-use-hyphen-in-exported-variable-name.patch
 bugfix/all/ext4-fix-bug-838544.patch
 bugfix/all/mm-memcontrol-use-special-workqueue-for-creating-per-memcg-caches.patch
+bugfix/all/netfilter-xt_nflog-fix-unexpected-truncated-packet.patch
 
 # Miscellaneous features
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git

