* [PATCH nf-next] netfilter: add list element test to br_netfilter_hooks
@ 2016-12-06 15:04 Aaron Conole
0 siblings, 0 replies; only message in thread
From: Aaron Conole @ 2016-12-06 15:04 UTC (permalink / raw)
To: netfilter-devel; +Cc: dan.carpenter
The for-loop in the bridge hook entries assumes that the elements are
always present. However, this assumption may not always be true.
Fixes: 66cfc1dd07c7 ("netfilter: convert while loops to for loops")
Signed-off-by: Aaron Conole <aconole@bytheb.org>
--
Pablo, if possible could this be squashed into the commit instead? I
only did a build test of this, but it should be correct.
diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c
index fbe35b4..b12501a 100644
--- a/net/bridge/br_netfilter_hooks.c
+++ b/net/bridge/br_netfilter_hooks.c
@@ -1009,7 +1009,7 @@ int br_nf_hook_thresh(unsigned int hook, struct net *net,
int ret;
for (elem = rcu_dereference(net->nf.hooks[NFPROTO_BRIDGE][hook]);
- nf_hook_entry_priority(elem) <= NF_BR_PRI_BRNF;
+ elem && nf_hook_entry_priority(elem) <= NF_BR_PRI_BRNF;
elem = rcu_dereference(elem->next))
;
--
2.5.0
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2016-12-06 15:05 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-12-06 15:04 [PATCH nf-next] netfilter: add list element test to br_netfilter_hooks Aaron Conole
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).