| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 4 May 2016 11:19:46 +0200 From: Pablo Neira Ayuso <pablo@...filter.org> To: Florian Westphal <fw@...len.de> Cc: netfilter-devel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH nf-next 5/9] netfilter: conntrack: small refactoring of conntrack seq_printf On Wed, May 04, 2016 at 12:27:36AM +0200, Florian Westphal wrote: > Pablo Neira Ayuso <pablo@...filter.org> wrote: > > > - if (NF_CT_DIRECTION(hash)) > > > - goto release; > > > - if (nf_ct_l3num(ct) != AF_INET) > > > + /* check if we raced w. object reuse */ > > > + if (!nf_ct_is_confirmed(ct) || > > > > This refactoring includes this new check, is this intentional? > > Hmm, yes and no. > > I should have put it in an extra commit :-/ > > Without this, we might erronously print a conntrack that is NEW > and which isn't confirmed yet. > > We won't crash since seq_print doesn't depend on extensions being > set up properly, but it seems better to only display those conntracks > that are part of the conntrack hash table (i.e., have the confirmed bit > set). I see, a conntrack that shouldn't be printed be sneak in the listing. > Let me know if you want me to respin this as a separate fix, thanks! I will just append a notice on the commit message before applying.
Powered by blists - more mailing lists