| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 13 Dec 2018 00:26:48 +0100
From: Pablo Neira Ayuso <pablo@...filter.org>
To: Yafang Shao <laoar.shao@...il.com>
Cc: kadlec@...ckhole.kfki.hu, fw@...len.de, davem@...emloft.net,
adobriyan@...il.com, akpm@...ux-foundation.org,
netfilter-devel@...r.kernel.org, coreteam@...filter.org,
netdev@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 4/5] netfilter: fix missed NULL check in
nf_conntrack_proto_pernet_init()
On Wed, Dec 05, 2018 at 08:56:29PM +0800, Yafang Shao wrote:
> nf_ct_l4proto_net() may return NULL.
> That may happens if some module forget to set both l4proto->get_net_proto
> and l4proto->net_id.
> We'd check the return value here, in case crash happens.
>
> Signed-off-by: Yafang Shao <laoar.shao@...il.com>
> ---
> net/netfilter/nf_conntrack_proto.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
> index 154e8c0..316fef3 100644
> --- a/net/netfilter/nf_conntrack_proto.c
> +++ b/net/netfilter/nf_conntrack_proto.c
> @@ -946,6 +946,9 @@ int nf_conntrack_proto_pernet_init(struct net *net)
> struct nf_proto_net *pn = nf_ct_l4proto_net(net,
> &nf_conntrack_l4proto_generic);
There is another spot missing in this file that is missing the check
for NULL.
We can probably simplify all this is we place the gre conntracker in
the conntrack core, as it's been suggested already. It's the only one
remaining as a module and it now supports for IPv6, so it's probably
better follow that path.
Powered by blists - more mailing lists