netfilter: nft_set_pipapo: skip inactive elements during set walk

jira VULN-6810
cve CVE-2023-6817
commit-author Florian Westphal <[email protected]>
commit 317eb96
upstream-diff Additional newline because this kernel has not removed
              the nft_set_elem_expired call yet

Otherwise set elements can be deactivated twice which will cause a crash.

	Reported-by: Xingyuan Mo <[email protected]>
Fixes: 3c4287f ("nf_tables: Add set type for arbitrary concatenation of ranges")
	Signed-off-by: Florian Westphal <[email protected]>
	Signed-off-by: Pablo Neira Ayuso <[email protected]>
(cherry picked from commit 317eb96)
	Signed-off-by: Brett Mastbergen <[email protected]>

Author: bmastbergen

net/netfilter/nft_set_pipapo.c

@@ -1981,6 +1981,10 @@ static void nft_pipapo_walk(const struct nft_ctx *ctx, struct nft_set *set,
 			goto cont;
 
 		e = f->mt[r].e;
+
+		if (!nft_set_elem_active(&e->ext, iter->genmask))
+			goto cont;
+
 		if (nft_set_elem_expired(&e->ext))
 			goto cont;