UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity

netfilter: nft_tunnel: add the missing nla_nest_cancel() 

When nla_put_xxx() fails under nla_nest_start_noflag(),
nla_nest_cancel() should be called, so that the skb can
be trimmed properly.

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Xin Long 2019-12-13 16:53:09 +08:00 committed by Pablo Neira Ayuso
parent 73239bd970
commit 7e03998429
1 changed files with 26 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
net/netfilter/nft_tunnel.c
View File

@ -443,10 +443,15 @@ static int nft_tunnel_ip_dump(struct sk_buff *skb, struct ip_tunnel_info *info)
if (!nest)
return -1;
if (nla_put_in6_addr(skb, NFTA_TUNNEL_KEY_IP6_SRC, &info->key.u.ipv6.src) < 0 ||
nla_put_in6_addr(skb, NFTA_TUNNEL_KEY_IP6_DST, &info->key.u.ipv6.dst) < 0 ||
nla_put_be32(skb, NFTA_TUNNEL_KEY_IP6_FLOWLABEL, info->key.label))
if (nla_put_in6_addr(skb, NFTA_TUNNEL_KEY_IP6_SRC,
&info->key.u.ipv6.src) < 0 ||
nla_put_in6_addr(skb, NFTA_TUNNEL_KEY_IP6_DST,
&info->key.u.ipv6.dst) < 0 ||
nla_put_be32(skb, NFTA_TUNNEL_KEY_IP6_FLOWLABEL,
info->key.label)) {
nla_nest_cancel(skb, nest);
return -1;
}
nla_nest_end(skb, nest);
} else {
@ -454,9 +459,13 @@ static int nft_tunnel_ip_dump(struct sk_buff *skb, struct ip_tunnel_info *info)
if (!nest)
return -1;
if (nla_put_in_addr(skb, NFTA_TUNNEL_KEY_IP_SRC, info->key.u.ipv4.src) < 0 ||
nla_put_in_addr(skb, NFTA_TUNNEL_KEY_IP_DST, info->key.u.ipv4.dst) < 0)
if (nla_put_in_addr(skb, NFTA_TUNNEL_KEY_IP_SRC,
info->key.u.ipv4.src) < 0 ||
nla_put_in_addr(skb, NFTA_TUNNEL_KEY_IP_DST,
info->key.u.ipv4.dst) < 0) {
nla_nest_cancel(skb, nest);
return -1;
}
nla_nest_end(skb, nest);
}
@ -477,37 +486,42 @@ static int nft_tunnel_opts_dump(struct sk_buff *skb,
if (opts->flags & TUNNEL_VXLAN_OPT) {
inner = nla_nest_start_noflag(skb, NFTA_TUNNEL_KEY_OPTS_VXLAN);
if (!inner)
return -1;
goto failure;
if (nla_put_be32(skb, NFTA_TUNNEL_KEY_VXLAN_GBP,
htonl(opts->u.vxlan.gbp)))
return -1;
goto inner_failure;
nla_nest_end(skb, inner);
} else if (opts->flags & TUNNEL_ERSPAN_OPT) {
inner = nla_nest_start_noflag(skb, NFTA_TUNNEL_KEY_OPTS_ERSPAN);
if (!inner)
return -1;
goto failure;
if (nla_put_be32(skb, NFTA_TUNNEL_KEY_ERSPAN_VERSION,
htonl(opts->u.erspan.version)))
return -1;
goto inner_failure;
switch (opts->u.erspan.version) {
case ERSPAN_VERSION:
if (nla_put_be32(skb, NFTA_TUNNEL_KEY_ERSPAN_V1_INDEX,
opts->u.erspan.u.index))
return -1;
goto inner_failure;
break;
case ERSPAN_VERSION2:
if (nla_put_u8(skb, NFTA_TUNNEL_KEY_ERSPAN_V2_HWID,
get_hwid(&opts->u.erspan.u.md2)) ||
nla_put_u8(skb, NFTA_TUNNEL_KEY_ERSPAN_V2_DIR,
opts->u.erspan.u.md2.dir))
return -1;
goto inner_failure;
break;
}
nla_nest_end(skb, inner);
}
nla_nest_end(skb, nest);
return 0;
inner_failure:
nla_nest_cancel(skb, inner);
failure:
nla_nest_cancel(skb, nest);
return -1;
}
static int nft_tunnel_ports_dump(struct sk_buff *skb,