[NETFILTER]: conntrack_netlink: Fix locking during conntrack_create
The current codepath allowed for ip_conntrack_lock to be unlock'ed twice. Signed-off-by: Pablo Neira <pablo@eurodev.net> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
94cd2b6764
commit
88aa042904
|
@ -1052,13 +1052,14 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
|
|||
err = -ENOENT;
|
||||
if (nlh->nlmsg_flags & NLM_F_CREATE)
|
||||
err = ctnetlink_create_conntrack(cda, &otuple, &rtuple);
|
||||
return err;
|
||||
}
|
||||
/* implicit 'else' */
|
||||
|
||||
/* we only allow nat config for new conntracks */
|
||||
if (cda[CTA_NAT-1]) {
|
||||
err = -EINVAL;
|
||||
goto out_unlock;
|
||||
} else {
|
||||
/* we only allow nat config for new conntracks */
|
||||
if (cda[CTA_NAT-1]) {
|
||||
err = -EINVAL;
|
||||
goto out_unlock;
|
||||
}
|
||||
}
|
||||
|
||||
/* We manipulate the conntrack inside the global conntrack table lock,
|
||||
|
|
Loading…
Reference in New Issue