* [PATCH 09/10] nf_nat: Fixes invalid access due to reallocating exntesion area
@ 2007-06-25 3:15 Yasuyuki KOZAKAI
0 siblings, 0 replies; 3+ messages in thread
From: Yasuyuki KOZAKAI @ 2007-06-25 3:15 UTC (permalink / raw)
To: netfilter-devel; +Cc: rusty, kaber, pablo, kadlec
ct_extend_add called in nf_conntrack_alter_reply can reallocate
extension aera and the pointer to private arae for NAT can be changed.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
---
net/ipv4/netfilter/nf_nat_core.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index dea4ab1..4e4fad7 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -297,7 +297,6 @@ nf_nat_setup_info(struct nf_conn *ct,
return NF_ACCEPT;
}
}
- info = &nat->info;
NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING ||
hooknum == NF_IP_POST_ROUTING ||
@@ -335,6 +334,8 @@ nf_nat_setup_info(struct nf_conn *ct,
srchash = hash_by_src(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
write_lock_bh(&nf_nat_lock);
+ /* nf_conntrack_alter_reply might re-allocate exntension aera */
+ info = &nfct_nat(ct)->info;
info->ct = ct;
list_add(&info->bysource, &bysource[srchash]);
write_unlock_bh(&nf_nat_lock);
--
1.5.2.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH 09/10] nf_nat: Fixes invalid access due to reallocating exntesion area
@ 2007-06-25 17:22 Yasuyuki KOZAKAI
0 siblings, 0 replies; 3+ messages in thread
From: Yasuyuki KOZAKAI @ 2007-06-25 17:22 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
ct_extend_add called in nf_conntrack_alter_reply can reallocate
extension aera and the pointer to private arae for NAT can be changed.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
---
net/ipv4/netfilter/nf_nat_core.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index fd10584..e370d15 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -297,7 +297,6 @@ nf_nat_setup_info(struct nf_conn *ct,
return NF_ACCEPT;
}
}
- info = &nat->info;
NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING ||
hooknum == NF_IP_POST_ROUTING ||
@@ -335,6 +334,8 @@ nf_nat_setup_info(struct nf_conn *ct,
srchash = hash_by_src(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
write_lock_bh(&nf_nat_lock);
+ /* nf_conntrack_alter_reply might re-allocate exntension aera */
+ info = &nfct_nat(ct)->info;
info->ct = ct;
list_add(&info->bysource, &bysource[srchash]);
write_unlock_bh(&nf_nat_lock);
--
1.5.2.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH 09/10] nf_nat: Fixes invalid access due to reallocating exntesion area
[not found] <200706251722.l5PHMhOo023880@toshiba.co.jp>
@ 2007-06-25 18:26 ` Patrick McHardy
0 siblings, 0 replies; 3+ messages in thread
From: Patrick McHardy @ 2007-06-25 18:26 UTC (permalink / raw)
To: Yasuyuki KOZAKAI; +Cc: netfilter-devel
Yasuyuki KOZAKAI wrote:
> ct_extend_add called in nf_conntrack_alter_reply can reallocate
> extension aera and the pointer to private arae for NAT can be changed.
I've folded this into 05/10 since thats where the bug originates.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2007-06-25 18:26 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <200706251722.l5PHMhOo023880@toshiba.co.jp>
2007-06-25 18:26 ` [PATCH 09/10] nf_nat: Fixes invalid access due to reallocating exntesion area Patrick McHardy
2007-06-25 17:22 Yasuyuki KOZAKAI
-- strict thread matches above, loose matches on Subject: below --
2007-06-25 3:15 Yasuyuki KOZAKAI
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.