From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 10/12] netfilter: cttimeout: ctnl_timeout_find_get() returns incorrect pointer to type
Date: Tue, 11 Sep 2018 02:20:42 +0200 [thread overview]
Message-ID: <20180911002044.9100-11-pablo@netfilter.org> (raw)
In-Reply-To: <20180911002044.9100-1-pablo@netfilter.org>
Compiler did not catch incorrect typing in the rcu hook assignment.
% nfct add timeout test-tcp inet tcp established 100 close 10 close_wait 10
% iptables -I OUTPUT -t raw -p tcp -j CT --timeout test-tcp
dmesg - xt_CT: Timeout policy `test-tcp' can only be used by L3 protocol number 25000
The CT target bails out with incorrect layer 3 protocol number.
Fixes: 6c1fd7dc489d ("netfilter: cttimeout: decouple timeout policy from nfnetlink_cttimeout object")
Reported-by: Harsha Sharma <harshasharmaiitr@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nfnetlink_cttimeout.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/netfilter/nfnetlink_cttimeout.c b/net/netfilter/nfnetlink_cttimeout.c
index d46a236cdf31..a30f8ba4b89a 100644
--- a/net/netfilter/nfnetlink_cttimeout.c
+++ b/net/netfilter/nfnetlink_cttimeout.c
@@ -489,8 +489,8 @@ static int cttimeout_default_get(struct net *net, struct sock *ctnl,
return err;
}
-static struct ctnl_timeout *
-ctnl_timeout_find_get(struct net *net, const char *name)
+static struct nf_ct_timeout *ctnl_timeout_find_get(struct net *net,
+ const char *name)
{
struct ctnl_timeout *timeout, *matching = NULL;
@@ -509,7 +509,7 @@ ctnl_timeout_find_get(struct net *net, const char *name)
break;
}
err:
- return matching;
+ return matching ? &matching->timeout : NULL;
}
static void ctnl_timeout_put(struct nf_ct_timeout *t)
--
2.11.0
next prev parent reply other threads:[~2018-09-11 5:17 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-11 0:20 [PATCH 00/12] Netfilter fixes for net Pablo Neira Ayuso
2018-09-11 0:20 ` [PATCH 01/12] netfilter: conntrack: remove duplicated include from nf_conntrack_proto_udp.c Pablo Neira Ayuso
2018-09-11 0:20 ` [PATCH 02/12] netfilter: xt_cluster: add dependency on conntrack module Pablo Neira Ayuso
2018-09-11 0:20 ` [PATCH 03/12] netfilter: xt_checksum: ignore gso skbs Pablo Neira Ayuso
2018-09-11 0:20 ` [PATCH 04/12] netfilter: conntrack: place 'new' timeout in first location too Pablo Neira Ayuso
2018-09-11 0:20 ` [PATCH 05/12] netfilter: nf_tables: rework ct timeout set support Pablo Neira Ayuso
2018-09-11 0:20 ` [PATCH 06/12] netfilter: kconfig: nat related expression depend on nftables core Pablo Neira Ayuso
2018-09-11 0:20 ` [PATCH 07/12] netfilter: nf_tables: release chain in flushing set Pablo Neira Ayuso
2018-09-11 0:20 ` [PATCH 08/12] netfilter: conntrack: reset tcp maxwin on re-register Pablo Neira Ayuso
2018-09-11 0:20 ` [PATCH 09/12] netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT Pablo Neira Ayuso
2018-09-11 0:20 ` Pablo Neira Ayuso [this message]
2018-09-11 0:20 ` [PATCH 11/12] netfilter: nfnetlink_queue: Solve the NFQUEUE/conntrack clash for NF_REPEAT Pablo Neira Ayuso
2018-09-11 0:20 ` [PATCH 12/12] netfilter: xt_hashlimit: use s->file instead of s->private Pablo Neira Ayuso
2018-09-12 4:21 ` [PATCH 00/12] Netfilter fixes for net David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180911002044.9100-11-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).