Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf

Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for your net tree, they are: 1) Fix chain filtering when dumping rules via nf_tables_dump_rules(). 2) Fix accidental change in NF_CT_STATE_UNTRACKED_BIT through uapi, introduced when removing the untracked conntrack object, from Florian Westphal. 3) Fix potential nul-dereference when releasing dump filter in nf_tables_dump_obj_done(), patch from Hangbin Liu. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2018-01-05 10:33:01 -05:00 · 2018-01-05 10:33:01 -05:00 · f737be8d61
parent 6926e041a8 8bea728dce
commit f737be8d61
2 changed files with 6 additions and 4 deletions
--- a/include/uapi/linux/netfilter/nf_conntrack_common.h
+++ b/include/uapi/linux/netfilter/nf_conntrack_common.h
@ -36,7 +36,7 @@ enum ip_conntrack_info {

 #define NF_CT_STATE_INVALID_BIT			(1 << 0)
 #define NF_CT_STATE_BIT(ctinfo)			(1 << ((ctinfo) % IP_CT_IS_REPLY + 1))
-#define NF_CT_STATE_UNTRACKED_BIT		(1 << (IP_CT_UNTRACKED + 1))
+#define NF_CT_STATE_UNTRACKED_BIT		(1 << 6)

 /* Bitset representing status of connection. */
 enum ip_conntrack_status {
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@ -2072,7 +2072,7 @@ static int nf_tables_dump_rules(struct sk_buff *skb,
 				continue;

 			list_for_each_entry_rcu(chain, &table->chains, list) {
-				if (ctx && ctx->chain[0] &&
+				if (ctx && ctx->chain &&
 				    strcmp(ctx->chain, chain->name) != 0)
 					continue;

@ -4665,8 +4665,10 @@ static int nf_tables_dump_obj_done(struct netlink_callback *cb)
 {
 	struct nft_obj_filter *filter = cb->data;

-	kfree(filter->table);
-	kfree(filter);
+	if (filter) {
+		kfree(filter->table);
+		kfree(filter);
+	}

 	return 0;
 }