| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Apr 2012 14:09:00 +0200
From: Pablo Neira Ayuso <pablo@...filter.org>
To: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Cc: netdev@...r.kernel.org
Subject: Re: [PATCH 3/3] netfilter: xt_CT: remove a compile warning
On Tue, Apr 03, 2012 at 08:48:21PM +0900, Tetsuo Handa wrote:
> One more question.
>
> Tetsuo Handa wrote:
> > 216 #ifdef CONFIG_NF_CONNTRACK_TIMEOUT
> > 217 if (info->timeout) {
> > 218 typeof(nf_ct_timeout_find_get_hook) timeout_find_get;
> > 219 struct ctnl_timeout *timeout;
> > 220 struct nf_conn_timeout *timeout_ext;
> > 221
> > 222 rcu_read_lock();
> > 223 timeout_find_get =
> > 224 rcu_dereference(nf_ct_timeout_find_get_hook);
> > 225
> > 226 if (timeout_find_get) {
>
> I assume timeout_find_get points to e.g. ctnl_timeout_find_get in
> net/netfilter/nfnetlink_cttimeout.c . If yes,
>
> > 227 const struct ipt_entry *e = par->entryinfo;
> > 228 struct nf_conntrack_l4proto *l4proto;
> > 229
> > 230 if (e->ip.invflags & IPT_INV_PROTO) {
> > 231 ret = -EINVAL;
> > 232 pr_info("You cannot use inversion on "
> > 233 "L4 protocol\n");
> > 234 goto err4;
> > 235 }
> > 236 timeout = timeout_find_get(info->timeout);
> > 237 if (timeout == NULL) {
> > 238 ret = -ENOENT;
> > 239 pr_info("No such timeout policy \"%s\"\n",
> > 240 info->timeout);
> > 241 goto err4;
> > 242 }
>
> I think "goto err4;" after successful timeout_find_get() wants e.g.
> nf_ct_timeout_put_hook call (e.g. ctnl_timeout_put()).
Indeed. The patch attached should fix this problem. Thanks.
View attachment "0001-netfilter-xt_CT-fix-missing-put-timeout-object-in-er.patch" of type "text/x-diff" (3113 bytes)
Powered by blists - more mailing lists