* [NETFILTER -stable]: ipt_CLUSTERIP: fix oops in checkentry function
@ 2007-04-10 12:47 Patrick McHardy
2007-04-10 20:27 ` David Miller
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Patrick McHardy @ 2007-04-10 12:47 UTC (permalink / raw)
To: stable; +Cc: Netfilter Development Mailinglist, David S. Miller
[-- Attachment #1: Type: text/plain, Size: 53 bytes --]
Fix netfilter crash in ipt_CLUSTERIP. Please apply.
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 1432 bytes --]
[NETFILTER]: ipt_CLUSTERIP: fix oops in checkentry function
The clusterip_config_find_get() already increases entries reference
counter, so there is no reason to do it twice in checkentry() callback.
This causes the config to be freed before it is removed from the list,
resulting in a crash when adding the next rule.
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 587ef6fd51ede13f0b3437910d5ecefb980461ed
tree df06064ff57ee2ddcd4b47d8a7450c7f797fa230
parent fea42a5760325392653d556b1087f8274adcfb2e
author Jaroslav Kysela <perex@suse.cz> Tue, 10 Apr 2007 14:42:29 +0200
committer Patrick McHardy <kaber@trash.net> Tue, 10 Apr 2007 14:42:29 +0200
net/ipv4/netfilter/ipt_CLUSTERIP.c | 2 --
1 files changed, 0 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index e965b33..42b0802 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -411,12 +411,10 @@ checkentry(const char *tablename,
"has invalid config pointer!\n");
return 0;
}
- clusterip_config_entry_get(cipinfo->config);
} else {
/* Case B: This is a new rule referring to an existing
* clusterip config. */
cipinfo->config = config;
- clusterip_config_entry_get(cipinfo->config);
}
} else {
/* Case C: This is a completely new clusterip config */
^ permalink raw reply related [flat|nested] 4+ messages in thread* Re: [NETFILTER -stable]: ipt_CLUSTERIP: fix oops in checkentry function
2007-04-10 12:47 [NETFILTER -stable]: ipt_CLUSTERIP: fix oops in checkentry function Patrick McHardy
@ 2007-04-10 20:27 ` David Miller
2007-04-11 18:53 ` patch netfilter-ipt_clusterip-fix-oops-in-checkentry-function.patch queued to -stable tree gregkh
2007-04-11 19:03 ` gregkh
2 siblings, 0 replies; 4+ messages in thread
From: David Miller @ 2007-04-10 20:27 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel, stable
From: Patrick McHardy <kaber@trash.net>
Date: Tue, 10 Apr 2007 14:47:21 +0200
> Fix netfilter crash in ipt_CLUSTERIP. Please apply.
Signed-off-by: David S. Miller <davem@davemloft.net>
^ permalink raw reply [flat|nested] 4+ messages in thread
* patch netfilter-ipt_clusterip-fix-oops-in-checkentry-function.patch queued to -stable tree
2007-04-10 12:47 [NETFILTER -stable]: ipt_CLUSTERIP: fix oops in checkentry function Patrick McHardy
2007-04-10 20:27 ` David Miller
@ 2007-04-11 18:53 ` gregkh
2007-04-11 19:03 ` gregkh
2 siblings, 0 replies; 4+ messages in thread
From: gregkh @ 2007-04-11 18:53 UTC (permalink / raw)
To: kaber, davem, gregkh, netfilter-devel, perex; +Cc: stable
This is a note to let you know that we have just queued up the patch titled
Subject: NETFILTER: ipt_CLUSTERIP: fix oops in checkentry function
to the 2.6.20-stable tree. Its filename is
netfilter-ipt_clusterip-fix-oops-in-checkentry-function.patch
A git repo of this tree can be found at
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
>From stable-bounces@linux.kernel.org Tue Apr 10 05:49:18 2007
From: Patrick McHardy <kaber@trash.net>
Date: Tue, 10 Apr 2007 14:47:21 +0200
Subject: NETFILTER: ipt_CLUSTERIP: fix oops in checkentry function
To: stable@kernel.org
Cc: Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>, "David S. Miller" <davem@davemloft.net>
Message-ID: <461B8759.1000507@trash.net>
From: Patrick McHardy <kaber@trash.net>
[NETFILTER]: ipt_CLUSTERIP: fix oops in checkentry function
The clusterip_config_find_get() already increases entries reference
counter, so there is no reason to do it twice in checkentry() callback.
This causes the config to be freed before it is removed from the list,
resulting in a crash when adding the next rule.
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -411,12 +411,10 @@ checkentry(const char *tablename,
"has invalid config pointer!\n");
return 0;
}
- clusterip_config_entry_get(cipinfo->config);
} else {
/* Case B: This is a new rule referring to an existing
* clusterip config. */
cipinfo->config = config;
- clusterip_config_entry_get(cipinfo->config);
}
} else {
/* Case C: This is a completely new clusterip config */
_______________________________________________
stable mailing list
stable@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/stable
Patches currently in stable-queue which might be from kaber@trash.net are
^ permalink raw reply [flat|nested] 4+ messages in thread* patch netfilter-ipt_clusterip-fix-oops-in-checkentry-function.patch queued to -stable tree
2007-04-10 12:47 [NETFILTER -stable]: ipt_CLUSTERIP: fix oops in checkentry function Patrick McHardy
2007-04-10 20:27 ` David Miller
2007-04-11 18:53 ` patch netfilter-ipt_clusterip-fix-oops-in-checkentry-function.patch queued to -stable tree gregkh
@ 2007-04-11 19:03 ` gregkh
2 siblings, 0 replies; 4+ messages in thread
From: gregkh @ 2007-04-11 19:03 UTC (permalink / raw)
To: kaber, davem, gregkh, netfilter-devel, perex; +Cc: stable
This is a note to let you know that we have just queued up the patch titled
Subject: NETFILTER: ipt_CLUSTERIP: fix oops in checkentry function
to the 2.6.20-stable tree. Its filename is
netfilter-ipt_clusterip-fix-oops-in-checkentry-function.patch
A git repo of this tree can be found at
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
>From stable-bounces@linux.kernel.org Tue Apr 10 05:49:18 2007
From: Patrick McHardy <kaber@trash.net>
Date: Tue, 10 Apr 2007 14:47:21 +0200
Subject: NETFILTER: ipt_CLUSTERIP: fix oops in checkentry function
To: stable@kernel.org
Cc: Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>, "David S. Miller" <davem@davemloft.net>
Message-ID: <461B8759.1000507@trash.net>
From: Patrick McHardy <kaber@trash.net>
[NETFILTER]: ipt_CLUSTERIP: fix oops in checkentry function
The clusterip_config_find_get() already increases entries reference
counter, so there is no reason to do it twice in checkentry() callback.
This causes the config to be freed before it is removed from the list,
resulting in a crash when adding the next rule.
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -411,12 +411,10 @@ checkentry(const char *tablename,
"has invalid config pointer!\n");
return 0;
}
- clusterip_config_entry_get(cipinfo->config);
} else {
/* Case B: This is a new rule referring to an existing
* clusterip config. */
cipinfo->config = config;
- clusterip_config_entry_get(cipinfo->config);
}
} else {
/* Case C: This is a completely new clusterip config */
_______________________________________________
stable mailing list
stable@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/stable
Patches currently in stable-queue which might be from kaber@trash.net are
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2007-04-11 19:03 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-04-10 12:47 [NETFILTER -stable]: ipt_CLUSTERIP: fix oops in checkentry function Patrick McHardy
2007-04-10 20:27 ` David Miller
2007-04-11 18:53 ` patch netfilter-ipt_clusterip-fix-oops-in-checkentry-function.patch queued to -stable tree gregkh
2007-04-11 19:03 ` gregkh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.