diff options
| author | Florian Westphal <fw@strlen.de> | 2026-06-18 08:25:47 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2026-06-21 00:18:27 +0200 |
| commit | e409c23c2d0630f3b95efd12428b2e58800b7645 (patch) | |
| tree | 2587047c74cfc52d554381b797dd74338e26d14b | |
| parent | bff1c8b49a9cb5c04af20f4e7d43bf4af5863bc6 (diff) | |
netfilter: nft_flow_offload: zero device address for non-ether case
LLM points out that the skip causes unitialised stack array to
propagate down into dev_fill_forward_path(). Its not clear to me that
there is a guarantee that a later ctx.dev->netdev_ops->ndo_fill_forward_path()
would always fix this up.
Cc: Felix Fietkau <nbd@nbd.name>
Fixes: 45ca3e61999e ("netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | net/netfilter/nf_flow_table_path.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/netfilter/nf_flow_table_path.c b/net/netfilter/nf_flow_table_path.c index 1e7e216b9f89..98c03b487f52 100644 --- a/net/netfilter/nf_flow_table_path.c +++ b/net/netfilter/nf_flow_table_path.c @@ -53,8 +53,10 @@ static int nft_dev_fill_forward_path(const struct nf_flow_route *route, struct neighbour *n; u8 nud_state; - if (!nft_is_valid_ether_device(dev)) + if (!nft_is_valid_ether_device(dev)) { + eth_zero_addr(ha); goto out; + } n = dst_neigh_lookup(dst_cache, daddr); if (!n) |
