netfilter: nft_set_pipapo: no need to call pipapo_deactivate() from flush

pvts-mat · pvts-mat · commit 7c0a2d993e49 · 2025-11-04T21:55:45.000+01:00
jira VULN-430 cve CVE-2023-4244 commit-author Pablo Neira Ayuso <pablo@netfilter.org> commit 26cec9d Use the element object that is already offered instead. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> (cherry picked from commit 26cec9d) Signed-off-by: Marcin Wcisło <marcin.wcislo@conclusive.pl>
diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c
@@ -1816,8 +1816,9 @@ static bool nft_pipapo_flush(const struct net *net, const struct nft_set *set,
 {
 	struct nft_pipapo_elem *e = elem;
 
-	return pipapo_deactivate(net, set, (const u8 *)nft_set_ext_key(&e->ext),
-				 &e->ext);
+	nft_set_elem_change_active(net, set, &e->ext);
+
+	return true;
 }
 
 /**

Original file line number	Diff line number	Diff line change
`@@ -1816,8 +1816,9 @@ static bool nft_pipapo_flush(const struct net net, const struct nft_set set,`
`1816`	`1816`	`{`
`1817`	`1817`	`struct nft_pipapo_elem *e = elem;`
`1818`	`1818`
`1819`		`- return pipapo_deactivate(net, set, (const u8 *)nft_set_ext_key(&e->ext),`
`1820`		`- &e->ext);`
	`1819`	`+ nft_set_elem_change_active(net, set, &e->ext);`
	`1820`	`+`
	`1821`	`+ return true;`
`1821`	`1822`	`}`
`1822`	`1823`
`1823`	`1824`	`/**`