* [NETFILTER 00/02]: Netfilter -stable fixes
@ 2007-01-15 9:28 Patrick McHardy
2007-01-15 9:28 ` [NETFILTER 01/02]: ctnetlink: check for status attribute existence on conntrack creation Patrick McHardy
2007-01-15 9:28 ` [NETFILTER 02/02]: ctnetlink: fix leak in ctnetlink_create_conntrack error path Patrick McHardy
0 siblings, 2 replies; 3+ messages in thread
From: Patrick McHardy @ 2007-01-15 9:28 UTC (permalink / raw)
To: stable; +Cc: netfilter-devel, Patrick McHardy, davem
The following two patches for ctnetlink fix a crash when the CTA_STATUS attribute
is not present and a memory leak when changing the conntrack protocol data fails.
Please apply, thanks.
net/ipv4/netfilter/ip_conntrack_netlink.c | 10 ++++++----
net/netfilter/nf_conntrack_netlink.c | 10 ++++++----
2 files changed, 12 insertions(+), 8 deletions(-)
Pablo Neira Ayuso:
[NETFILTER]: ctnetlink: check for status attribute existence on conntrack creation
Patrick McHardy:
[NETFILTER]: ctnetlink: fix leak in ctnetlink_create_conntrack error path
* [NETFILTER 01/02]: ctnetlink: check for status attribute existence on conntrack creation
From: Patrick McHardy @ 2007-01-15 9:28 UTC (permalink / raw)
To: stable; +Cc: netfilter-devel, Patrick McHardy, davem
[NETFILTER]: ctnetlink: check for status attribute existence on conntrack creation
Check that status flags are available in the netlink message received
to create a new conntrack.
Fixes a crash in ctnetlink_create_conntrack when the CTA_STATUS attribute
is not present.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 667fca411a3edaf30f98f3f7aaf0c1be8d0e7cc2
tree 0a0026ce63097bcb1c7bf6780cd89a21395b67ca
parent 3ac4e26b2cc43180661453851174f40a1292da09
author Pablo Neira Ayuso <pablo@netfilter.org> Mon, 15 Jan 2007 10:16:22 +0100
committer Patrick McHardy <kaber@trash.net> Mon, 15 Jan 2007 10:16:22 +0100
net/ipv4/netfilter/ip_conntrack_netlink.c | 8 +++++---
net/netfilter/nf_conntrack_netlink.c | 8 +++++---
2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index 55f0ae6..39f23f4 100644
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -946,9 +946,11 @@ ctnetlink_create_conntrack(struct nfattr
ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
ct->status |= IPS_CONFIRMED;
- err = ctnetlink_change_status(ct, cda);
- if (err < 0)
- goto err;
+ if (cda[CTA_STATUS-1]) {
+ err = ctnetlink_change_status(ct, cda);
+ if (err < 0)
+ goto err;
+ }
if (cda[CTA_PROTOINFO-1]) {
err = ctnetlink_change_protoinfo(ct, cda);
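Review bot: The new `if (cda[CTA_STATUS-1])` guard sits in the caller, so ctnetlink_change_status() itself still assumes the attribute is present, and any other caller that omits the check would hit the crash the changelog describes. Consider moving the NULL test into ctnetlink_change_status() (returning 0 when the attribute is absent) or documenting the precondition on the helper. The changelog could also say that a conntrack created without CTA_STATUS keeps whatever ct->status holds after `ct->status |= IPS_CONFIRMED;`, since that is now the default.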
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index ab67c2b..c650ccc 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -963,9 +963,11 @@ ctnetlink_create_conntrack(struct nfattr
ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
ct->status |= IPS_CONFIRMED;
- err = ctnetlink_change_status(ct, cda);
- if (err < 0)
- goto err;
+ if (cda[CTA_STATUS-1]) {
+ err = ctnetlink_change_status(ct, cda);
+ if (err < 0)
+ goto err;
+ }
if (cda[CTA_PROTOINFO-1]) {
err = ctnetlink_change_protoinfo(ct, cda);
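Review bot: The added test `if (cda[CTA_STATUS-1])` establishes only that the attribute pointer is non-NULL; nothing in the visible lines shows that the attribute's payload length is validated before ctnetlink_change_status() reads it. If the size check happens earlier in the message path, a short comment here pointing to it would make that clear; otherwise add one next to this guard. The same question applies to the identical hunk in ip_conntrack_netlink.c.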
* [NETFILTER 02/02]: ctnetlink: fix leak in ctnetlink_create_conntrack error path
From: Patrick McHardy @ 2007-01-15 9:28 UTC (permalink / raw)
To: stable; +Cc: netfilter-devel, Patrick McHardy, davem
[NETFILTER]: ctnetlink: fix leak in ctnetlink_create_conntrack error path
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit b653efffdc1e260fbb446298fd3fa231f4193cdf
tree a36dd3e3a47b2dc02efb2eea9a98fc63b41260f9
parent 667fca411a3edaf30f98f3f7aaf0c1be8d0e7cc2
author Patrick McHardy <kaber@trash.net> Mon, 15 Jan 2007 10:16:35 +0100
committer Patrick McHardy <kaber@trash.net> Mon, 15 Jan 2007 10:16:35 +0100
net/ipv4/netfilter/ip_conntrack_netlink.c | 2 +-
net/netfilter/nf_conntrack_netlink.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index 39f23f4..424f2fc 100644
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -955,7 +955,7 @@ ctnetlink_create_conntrack(struct nfattr
if (cda[CTA_PROTOINFO-1]) {
err = ctnetlink_change_protoinfo(ct, cda);
if (err < 0)
- return err;
+ goto err;
}
#if defined(CONFIG_IP_NF_CONNTRACK_MARK)
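Review bot: The changelog for this `return err;` to `goto err;` change is a subject line only; for a -stable submission it should say which object was leaked when ctnetlink_change_protoinfo() fails and that the err label releases it. The label is outside the hunk, so please also confirm it is safe to reach from this point, i.e. that everything it frees has been allocated by the time the CTA_PROTOINFO branch runs.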
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index c650ccc..4c2e69a 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -972,7 +972,7 @@ ctnetlink_create_conntrack(struct nfattr
if (cda[CTA_PROTOINFO-1]) {
err = ctnetlink_change_protoinfo(ct, cda);
if (err < 0)
- return err;
+ goto err;
}
#if defined(CONFIG_NF_CONNTRACK_MARK)
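Review bot: Only the exit after ctnetlink_change_protoinfo() is visible here, and the function continues past the `#if defined(CONFIG_NF_CONNTRACK_MARK)` line; please check that no later failure path in ctnetlink_create_conntrack() still uses a bare `return err;`, so the leak is closed for every exit rather than only this one. The index line (c650ccc..4c2e69a) shows this applies on top of the result of patch 01, so the two need to be queued for -stable in order.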