| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1504892748-1605-4-git-send-email-pablo@netfilter.org> Date: Fri, 8 Sep 2017 19:45:42 +0200 From: Pablo Neira Ayuso <pablo@...filter.org> To: netfilter-devel@...r.kernel.org Cc: davem@...emloft.net, netdev@...r.kernel.org Subject: [PATCH 3/9] netfilter: nf_nat: don't bug when mapping already exists From: Florian Westphal <fw@...len.de> It seems preferrable to limp along if we have a conflicting mapping, its certainly better than a BUG(). Signed-off-by: Florian Westphal <fw@...len.de> Signed-off-by: Pablo Neira Ayuso <pablo@...filter.org> --- net/netfilter/nf_nat_core.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c index 40573aa6c133..dc3519cc7209 100644 --- a/net/netfilter/nf_nat_core.c +++ b/net/netfilter/nf_nat_core.c @@ -416,7 +416,9 @@ nf_nat_setup_info(struct nf_conn *ct, WARN_ON(maniptype != NF_NAT_MANIP_SRC && maniptype != NF_NAT_MANIP_DST); - BUG_ON(nf_nat_initialized(ct, maniptype)); + + if (WARN_ON(nf_nat_initialized(ct, maniptype))) + return NF_DROP; /* What we've got will look like inverse of reply. Normally * this is what is in the conntrack, except for prior -- 2.1.4
Powered by blists - more mailing lists