| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Jan 2007 20:18:47 +0100
From: Malte Schröder <MalteSch@....de>
To: Martin Josefsson <gandalf@...g.westbo.se>
Cc: Chuck Ebbert <76306.1226@...puserve.com>,
linux-kernel@...r.kernel.org, Patrick McHardy <kaber@...sh.net>,
berni@...kenwald.de, netfilter-devel@...ts.netfilter.org
Subject: Re: [BUG] panic 2.6.20-rc3 in nf_conntrack
On Wednesday 03 January 2007 09:34, Martin Josefsson wrote:
> I saw your (correct) analysis after having made the patch below, it has
> been tested successfully by Bernhard Schmidt. (Netfilter bugzilla #528)
>
> Check the return value of nfct_nat() in device_cmp(), we might very well
> have non NAT conntrack entries as well.
>
I was not capable to reproduce the problem. Thanks :)
> Signed-off-by: Martin Josefsson <gandalf@...g.westbo.se>
>
> --- linux-2.6.20-rc3/net/ipv4/netfilter/ipt_MASQUERADE.c.orig 2007-01-02
> 22:47:14.000000000 +0100 +++
> linux-2.6.20-rc3/net/ipv4/netfilter/ipt_MASQUERADE.c 2007-01-02
> 22:57:11.000000000 +0100 @@ -127,10 +127,13 @@
> static inline int
> device_cmp(struct ip_conntrack *i, void *ifindex)
> {
> + int ret;
> #ifdef CONFIG_NF_NAT_NEEDED
> struct nf_conn_nat *nat = nfct_nat(i);
> +
> + if (!nat)
> + return 0;
> #endif
> - int ret;
>
> read_lock_bh(&masq_lock);
> #ifdef CONFIG_NF_NAT_NEEDED
--
---------------------------------------
Malte Schröder
MalteSch@....de
ICQ# 68121508
---------------------------------------
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists