Merge: CVE-2024-45018: netfilter: flowtable: initialise extack before use

emmil · emmil · commit 8635bed00010 · 2024-09-23T08:16:45.000Z
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/5174 JIRA: https://issues.redhat.com/browse/RHEL-58544 CVE: CVE-2024-45018 ``` netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload. Fixes: c29f74e ("netfilter: nf_flow_table: hardware offload support") Signed-off-by: Donald Hunter <donald.hunter@gmail.com> Reviewed-by: Simon Horman <horms@kernel.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> (cherry picked from commit e976713) ``` Signed-off-by: CKI Backport Bot <cki-ci-bot+cki-gitlab-backport-bot@redhat.com> Approved-by: Florian Westphal <fwestpha@redhat.com> Approved-by: Antoine Tenart <atenart@redhat.com> Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> Merged-by: Rado Vrbovsky <rvrbovsk@redhat.com>
diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
@@ -834,8 +834,8 @@ static int nf_flow_offload_tuple(struct nf_flowtable *flowtable,
 				 struct list_head *block_cb_list)
 {
 	struct flow_cls_offload cls_flow = {};
+	struct netlink_ext_ack extack = {};
 	struct flow_block_cb *block_cb;
-	struct netlink_ext_ack extack;
 	__be16 proto = ETH_P_ALL;
 	int err, i = 0;
 

Original file line number	Diff line number	Diff line change
`@@ -834,8 +834,8 @@ static int nf_flow_offload_tuple(struct nf_flowtable *flowtable,`
`834`	`834`	`struct list_head *block_cb_list)`
`835`	`835`	`{`
`836`	`836`	`struct flow_cls_offload cls_flow = {};`
	`837`	`+ struct netlink_ext_ack extack = {};`
`837`	`838`	`struct flow_block_cb *block_cb;`
`838`		`- struct netlink_ext_ack extack;`
`839`	`839`	`__be16 proto = ETH_P_ALL;`
`840`	`840`	`int err, i = 0;`
`841`	`841`