netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations

Phil Sutterrequested to merge
psutter1/centos-stream-9:c9s/RHEL-31345 into main

CVE: CVE-2024-26673 JIRA: https://issues.redhat.com/browse/RHEL-31345 Upstream Status: All upstream in linus.git

Patch 1 fixes the bug, patch 2 is a follow-up to fix a side-effect of the first one.

Signed-off-by: Phil Sutter psutter@redhat.com

Merge request reports