From mboxrd@z Thu Jan 1 00:00:00 1970
From: David Miller
Subject: Re: [NETFILTER 02/03]: ip_tables: fix compat related crash
Date: Tue, 05 Jun 2007 12:56:21 -0700 (PDT)
Message-ID: <20070605.125621.09952042.davem@davemloft.net>
References: <20070605133508.10309.36756.sendpatchset@localhost.localdomain> <20070605133511.10309.33387.sendpatchset@localhost.localdomain>
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: netfilter-devel@lists.netfilter.org
To: kaber@trash.net
In-Reply-To: <20070605133511.10309.33387.sendpatchset@localhost.localdomain>
Sender: netfilter-devel-bounces@lists.netfilter.org
Errors-To: netfilter-devel-bounces@lists.netfilter.org
List-Id: netfilter-devel.vger.kernel.org

From: Patrick McHardy
Date: Tue, 5 Jun 2007 15:35:11 +0200 (MEST)

> [NETFILTER]: ip_tables: fix compat related crash
>
> check_compat_entry_size_and_hooks iterates over the matches and calls
> compat_check_calc_match, which loads the match and calculates the
> compat offsets, but unlike the non-compat version, doesn't call
> ->checkentry yet. On error however it calls cleanup_matches, which in
> turn calls ->destroy, which can result in crashes if the destroy
> function (validly) expects to only get called after the checkentry
> function.
>
> Add a compat_release_match function that only drops the module reference
> on error and rename compat_check_calc_match to compat_find_calc_match to
> reflect the fact that it doesn't call the checkentry function.
>
> Reported by Jan Engelhardt
>
> Signed-off-by: Dmitry Mishin
> Signed-off-by: Patrick McHardy

Applied.
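The error-path problem described in the quoted commit message, as an added example that is not part of this mail or of the kernel patch: a simplified userspace C model of unwinding matches that were looked up but never passed through ->checkentry. All struct and function names here are constructed stand-ins (assumptions), not the kernel's definitions.

```c
#include <stddef.h>
/* Simplified userspace model, constructed for illustration; not kernel code. */
struct module { int refcnt; };
struct match_ext {
    struct module *me;
    void (*destroy)(void **priv);    /* written assuming ->checkentry ran */
};
struct entry_match { struct match_ext *ext; void *priv; };
static int unsafe_destroy_calls;     /* ->destroy reached without checkentry state */

static void demo_destroy(void **priv)
{
    if (*priv == NULL)               /* a real extension would dereference this */
        unsafe_destroy_calls++;
}

/* Lookup phase: take a module reference, do NOT call ->checkentry. */
static int find_calc_match(struct entry_match *m, struct match_ext *ext)
{
    if (ext == NULL)
        return -1;                   /* simulated lookup failure */
    ext->me->refcnt++;
    m->ext = ext;
    m->priv = NULL;                  /* only ->checkentry would initialise it */
    return 0;
}

/* Old error path: full cleanup, runs ->destroy on unchecked matches. */
static void cleanup_match(struct entry_match *m) { m->ext->destroy(&m->priv); m->ext->me->refcnt--; }

/* New error path: only drop the module reference. */
static void release_match(struct entry_match *m) { m->ext->me->refcnt--; }

/* Two lookups succeed, the third fails; unwind. Returns unsafe ->destroy count. */
static int simulate(int fixed, int *refcnt_after)
{
    struct module mod = { 0 };
    struct match_ext ext = { &mod, demo_destroy };
    struct match_ext *exts[3] = { &ext, &ext, NULL };   /* constructed input */
    struct entry_match ms[3];
    size_t i, j;
    unsafe_destroy_calls = 0;
    for (i = 0; i < 3 && find_calc_match(&ms[i], exts[i]) == 0; i++)
        ;
    for (j = 0; i < 3 && j < i; j++) /* i < 3: a lookup failed, unwind ms[0..i) */
        fixed ? release_match(&ms[j]) : cleanup_match(&ms[j]);
    *refcnt_after = mod.refcnt;
    return unsafe_destroy_calls;
}
```

Both unwind paths return the module reference count to zero; only the old one reaches ->destroy on state that ->checkentry never set up.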